logs archiveIRC Archive / Freenode / #exim / 2010 / April / 8 / 1
ente
I keep getting 535 Incorrect authentication data
although the authentication data is right and pam is configured
any ideas what I'm doing wrong?
gah, frustrating -.-
I keep getting that for two days ow
the wiki says the /etc/pam.d/exim has to be readable for the exim group. it is world readable. why the hell doesn't it work?
any ideas?
anyway
got auth working over dovecot
thanks for no help :P
good bye!
herron
(Action) (archivist on site ) spots erkules
fab__
solved the problem... replaced password lookup ${lookup mysql{...}} with ${lookup mysql{...}{$value}fail}
although i think it is not intuitive that lookup returns the empty string if the query has no results...
henk
o_O
what else should it return?
fab__
i think it should fail
henk
why? it does not fail.
fab__
no
for this reason it was possible to authenticate with a nonexisting username using the empty password
which is of course my mistake for not reading the documentation properly :-)
henk
wrong. the reason is that the admin did not think through his config...
"no result" is a valid result that you want to be able to catch generally. and it is something fundamentally different than a failing query.
fab__
yes, but no result is not the same as an empty string
         

henk
there are not many possibilities of returning "no result" and imho an empty string is the one most sensible. what would you prefer?
fab__
you would not be able to distinguish if there was an actual result '' or if there was no result at all
henk
lol
if the actual result can be '' the database design is really bad...
fab__
that is not the point here
henk
what is the point?
fab__
if you use lookup in another place, '' might be a very valid result
henk
fab__: let's go step by step please: what would you prefer to get for 'no result' other than an empty string?
fab__
if lookup can either return a string or fail and a string would mean that the lookup succeeded and there was such an entry in the database, then i would expect it to fail if there was no such entry
RiotingPacifist
Sorry I know this is probably in the docs, but I'm not sure what the best way to do this is. I've setup a backup relay exim server with no anti-spam, but spam is generating backscatter to the domains it relays to e.g a spoofed email from me@example.com to me@example.com will send an NDN (from my relay)
should i 1) configure exchange ( :( ) to only accept NDN for real mail 2) stop sending out NDNs (this seams like a bad idea) 3) filter relaying so it can't be send from relay1.com to relay1.com but can be sent from relay2.com to relay1.com, 4) something i've not thought of
fab__
if it allowed other results, than one other might be more appropriate
but since it does not, it should not return a value indicating a successful lookup when in fact there was none
henk
fab__: and what about queries that actually fail?
fab__
they should fail too
henk
then how do you distinguish a failed query from a query without result?
fab__
is is better not to be able to distinguish to different sorts of fails then to present one as a success
henk
a query without result is NOT a fail!
fab__
no, but a lookup without one is
henk
it is successfull and returns whatever you wanted to see. which might be nothing...
it is NOT!
ah, wait...
with lookup you mean the exim command, right?
fab__
why would you expect a lookup to return '' if it did not find its key?
yes
henk
fab__: because that's how databases work. you tell them what you want, they tell you what they find. if it's nothing, it's nothing, but it's not a failure... have a look at postgre- or mysql. they all work that way. even most gnu/bsd utils work that way. find for example. if the syntax is wrong, it fails with an error. if it just does not find any file matching your search options, it does not return anything. and this is good[tm]
fab__
henk: i know that this behavior is correct for a database. but it is wrong for lookup
at least not intuitive
         

henk
fab__: i think it's pretty intuitive: i write a sql query and it works exactly as it does in mysql.
fab__
the mysql statement should not fail of course
henk
imho it just gets confusing if exim interprets an empty result as a failure.
that's not what i would expect and i can imagine that it is just annoying in some cases.
fab__
what exactly does the mysql return? is it a tuple of strings or just a single string?
the mysql = the exim mysql command
henk
fab__: for exim?
fab__: http://exim.org/exim-html-4.69/doc/html/spec_html/ch09.html#SECTsql
fab__
ok, so it seems to be the second case
then the interface of the mysql function in exim makes it impossible to distinguis between an string and a query returning no rows
an empty string
henk
true. as i say: imho a database is badly designed if the queries rely on empty fields.
fab__: where do you rely on that? perhaps that can change my opinion and i see the necessity :)
fab__
for passwords i concur readily. in general i think empty strings make sense in some database designs
henk
for passwords? a password should never be empty imho...
fab__
yes, thats just what i said
henk
sorry, had to look up 'concur' ;)
ok, can you think of an example where empty fields might make sense?
erkules
(Action) hides from herron
fab__
for example if you want to know whether the user already entered some data (even if he left a field empty) or if there was nothing submitted
herron
erkules, its funny hiding under another nick in #mysql
fab__
in any situation where an empty string has another meaning then no entry at all
herron
erkules, and fix my exim for me (I need to forward specific non system users )
henk
fab__: you can easily work around that by selecting not just the field containing what he entered but also another field.
fab__: but i don't see the point of that really either ;)
fab__
henk: yes, of course you can work around it
henk
fab__: perhaps i just don't understand what you mean by "the user already entered some data"...
fab__
take a decision for example, the user might say yes or no or make no statement
in a database this is often represented as a boolean value that might also be null
henk
where?
oh, you mean just anywhere, right?
herron
dont allow nulls
henk
webfrontend or whatever, which writes to the database exim reads from, right?
erkules
herron: aka archivist im on mobile so slow on connection
fab__
herron: nulls are overused, but still quite useful in some places
herron
erkules, ok no worries
fab__
henk: i didnt mean this specifically for exim
henk
fab__: well i would just look whether the user has a preference and if not use the default. no problem there, or do i just not see it?
fab__
of course there is a difference to know whether the user make a decision or did not make a decision
henk
which is exactly what you get...
fab__
this is ok, if the field is in a table on its own and only references the userid
henk
why do you make that restriction?
fab__
maybe i dont understand what you mean by "i would jyst look"
but already the discussion has moved far away from the original topic and i would prefer to stop it at this point :)
henk
ok, time for lunch anyway :-p
but it was quite interesting, at least for me.
fab__
yeah, lunch should arrive soon
erkules
herron: slow doesn't mean Im not willing/able to help. do you want to redirect users to another host?
herron
erkules, yup I get the jist of it but dont know where the borked ubuntu system filter is or should be
erkules
ahh so your asking to configure debian/ubuntu instead of exim?:)
On debian and ubuntu there use a imho strange way to configure exim
herron
no, exim is working, now I need to add a filter for a non user to deliver sales@.. to another site@xx
yes it is strange and Im a first time exim user :(
henk
erkules: it's a pretty flexible way, but it takes a few minutes to get used to.
erkules
hehe me always create an old school /etc/exim/exim4.conf and I get rid of it
henk
too bad exim on debian/ubuntu does not read that conf...
erkules
henk: hours .. years .. aeons for me
henk
erkules: ouch? you're not the fastest guy around it seems :-p
erkules
henk: hehe im typing blind
henk
typing blind? not looking at the keyboard or what do you mean?
erkules
/etc/exim4/..
henk
doesn't read that either...
if you really try for aeons to understand the debian config layout, you have failed epically...
perhaps gardening would work for you, but i have the impression software is too complex :-p
herron
geeks dont do gardening!
erkules
heh I hate gardening. So something changed? I configure it via /etc/exim4/exim4.conf
henk
erkules: exim -d gives: configuration file is /var/lib/exim4/config.autogenerated
erkules
lol henk cp that file to /etc/exim4/exim4.conf and run exim -d again
herron
hmm I can send emails from the box but a forwarded one fails
Unrouteable address (state 14).
erkules
herron: exim doesn't know what to do with the domain/adress.
herron
http://pastebin.ca/1858796
I wondered if it was the lack of reverse dns at the moment
erkules
herron: sorry its still not that easy to switch between putty an firefox on a mobile:)
you can use exim to test addresses with -bt or something it looks like at first exim doesn't know what to do with the domain xxxx.com
btw wouldn't a/the redirect-router aka /etc/aliases not be sufficient?
henk
erkules: lol, ok. sorry for being rude, you were right and perhaps i should go gardening 'g'
erkules
herron: but you could be also right too;) /me hates typing "blind"
henk: np geeks dont do gardening as herron already said :)
henk
hrhr i guess it can be very relaxing... i will try it and report ;)
herron
erkules, but it does know if I use the same address on the box with a local mail program
full error in gmail was The error that the other server returned was: 550 550 Unrouteable address (state 14).
Guest43420
Hi all. I've checked my server with helocheck. It seems, that my configuration is not RFC-Conform. HELO shows my IP without square brackets. How can I achieve the RFC-conform HELO-answer either [ip] or FQDN?
petemc_
Guest43420: if primary_hostname isnt set, it uses the output of hostname -f
rimmele_mnm
Hi, can somebody help me with exim4? Problem is i get "451 Could not complete sender verify callout" if php will send mails to a specific host... for all other hosts it works fine...
Guest43420
petemc_, primary_hostname is then also to use in MX-entries for domain names?
petemc_
i dont know what you mean
but i think no
Guest43420
ok, thank You ;-)
rimmele_mnm, I assume You have wrong php mail configuration
rimmele_mnm
what do you think, could be wrong? And i think they could not be total wrong, because with the most hosts it works just fine... only one is blocking the mails...
Guest43420
rimmele_mnm, nevertheless You can't process mail further because of sender verifying error. Try to send a mail to the same host with the same params out of Your Thunderbird or so one.
henk
rimmele_mnm: you should not do sender verify callouts.
rimmele_mnm
how can i switch them off? :)
henk
by changing the conf.
how to do the callouts is explained in the docs. just reverse that procedure to switch them off...
rimmele_mnm
okay thanks for the help, i will try.
Guest81377
is it possible to set up cram-md5 authentification with accounts listet in a mysql-database, but without clear text passwords?
fab__
Guest81377: no
both sides need the clear text password for cram-md5 to work
Guest81377
fab__, fine. Is it possible to turn down cram-md5 completely without any functional restrictions for customer's MUAs?
fab__, ?
erkules
herron: back
fab__: btw I also had that {$value}-problem some time ago:)
Guest81377
HELO
t_pan
i have installed exim4 on debian lenny and i cant seem to recieve any emails. debug mode does not even register any activity. any helpful advise? here the config file: http://dpaste.com/180950/
im at a loss for what to look at next.
Guest81377
t_pan. If mainlog is empty, You shold check Your DNS (MX-entry)
« prev next »