SMTP authentication not working with exim+dovecot

Post by hangover » 2008-08-29 14:56:57

Hi all.
The problem is this: there is a FreeBSD box joined to a Windows 2003 domain, running Dovecot (1.1.2), which authenticates users via pam_winbindd, and Exim (4.69), which is supposed to authenticate users sending mail by means of Dovecot.

1. Dovecot works great: it picks up the user from the domain, creates a folder in the home directory and puts their mail there;
2. Exim, if you connect to it by telnet from outside, also correctly determines that the recipient of a message exists in the domain and, if not, rejects it;
THE PROBLEM:
3. I just cannot get a user from the domain authenticated when sending a message, by any method.

In its own log exim just writes:

Code:

SMTP connection from [192.168.13.1]:3438 I=[192.168.13.2]:25 (TCP/IP connection count = 1)

Although in the general log, where all system messages go, there is the following:

Code:

Aug 29 15:39:42 gw dovecot: auth(default): new auth connection: pid=65055
Aug 29 15:39:42 gw dovecot: auth(default): client in: AUTH 57      NTLM    service=smtp    rip=192.168.13.1    lip=192.168.13.2 resp=
Aug 29 15:39:42 gw dovecot: auth(default): client out: CONT        57
Aug 29 15:39:42 gw dovecot: auth(default): client in: CONT 57      TlRMTVNTUAABAAAAB7IIogkACQAvAAAABwAHACgAAAAFAs4OAAAAD0FELUtBWk5LQVpOLTJHSVM=
Aug 29 15:39:42 gw kernel: pid 65055 (exim-4.69-0), uid 26: exited on signal 11
Aug 29 15:39:42 gw dovecot: auth(default): client out: CONT        57      TlRMTVNTUAACAAAAEgASADAAAAAFgomiiQhgBmmZbucAAAAAAAAAAIAAgABCAAAASwBBAFoATgAtADIARwBJAFMAAgASAEsAQQBaAE4ALQAyAEcASQBTAAEADgBHAFcALQBLAEEAWgBOAAQAHgBrAGEAegBuAC4AMgBnAGkAcwAuAGwAbwBjAGEAbAADAC4AZwB3AC0AawBhAHoAbgAuAGsAYQB6AG4ALgAyAGcAaQBzAC4AbABvAGMAYQBsAAAAAAA=

I especially dislike gw kernel: pid 65055 (exim-4.69-0), uid 26: exited on signal 11 - I get the feeling that, when trying to authenticate the user via dovecot, exim chokes and crashes..

And, what's more, it is the same regardless of the authentication method - whether I try to authenticate with plaintext or with NTLM, it always writes "dovecot: auth(default): client in: AUTH XX NTLM service=smtp", no matter what.. :(

My brain is already boiling, and most likely I'm stuck on something obvious; please point me in the right direction!

Here are the mail server configs (sorry for the long listings):

The Dovecot config is:

Code:

protocols = imap pop3
listen = *
disable_plaintext_auth = no
ssl_disable = yes
mail_location = maildir:/home/%Lu/Mail
mail_access_groups = mail
verbose_proctitle = yes
mail_debug = yes
first_valid_uid = 26
last_valid_uid = 26
first_valid_gid = 6
last_valid_gid = 6
umask = 0077
mbox_read_locks = fcntl
mbox_write_locks = dotlock fcntl
maildir_copy_with_hardlinks = yes

protocol imap {
  imap_client_workarounds = delay-newmail outlook-idle tb-extra-mailbox-sep
}

protocol lda {
  postmaster_address = root@mydomain.ru
  sendmail_path = /usr/local/sbin/exim

# UNIX socket path to master authentication server to find users.
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /var/log/dovecot/deliver.log
  info_log_path = /var/log/dovecot/deliver.log
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

auth_cache_size = 1024
auth_username_format = %u
auth_ntlm_use_winbind = yes
auth_winbind_helper_path = /usr/local/bin/ntlm_auth
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes


auth default {
  mechanisms = plain ntlm login

  passdb pam {
    args = exim
  }

  userdb static {
    args = uid=26 gid=6 home=/home/%Lu/Mail allow_all_users=yes
  }
  user = root

  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      # Default user/group is the one who started dovecot-auth (root)
      user = mailnull
      group = mail
    }
    client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      path = /var/run/dovecot/auth-client
      mode = 0660
      user = mailnull
      group = mail
    }
  }
}

Exim config:

Code:

######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################

primary_hostname = mail.mydomain.ru
domainlist local_domains = mydomain.ru
hostlist relay_from_hosts = localhost : 192.168.13.2
qualify_domain = mydomain.ru
domainlist relay_to_domains = mydomain.ru
MAIL_DOMAIN = mydomain.ru

ldap_default_servers = <; 192.168.13.1:389

LDAP_AD_BINDDN = CN=bsduser,CN=users,DC=mydomain,DC=local
LDAP_AD_PASS = "BSDuserPassworD"
LDAP_AD_BASE_DN = DC=mydomain,DC=local

LDAP_AD_MAIL_RCPT = \
user=LDAP_AD_BINDDN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE_DN\
?mail?sub?\
(&\
	(&\
	(objectClass=user)\
	(objectClass=person)\
	)\
(mail=${quote_ldap:${local_part}@${domain}}))


LDAP_AD_MAIL_RETURN = \
user=LDAP_AD_BINDDN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE_DN\
?mail?sub?\
(&\
        (&\
	        (objectClass=user)\
	        (objectClass=person)\
        )\
(sAMAccountName=${quote_ldap:$authenticated_id))


LDAP_AD_SAM_RETURN = \
user=LDAP_AD_BINDDN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE_DN\
?sAMAccountName?sub?\
(&\
        (&\
	(objectClass=user)\
	(objectClass=person)\
	)\
(mail=${quote_ldap:${local_part}@${domain}}))
				

LDAP_AD_NAME_RCPT = \
user=LDAP_AD_BINDDN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE_DN\
?sAMAccountName?sub?\
(&\
        (&\
        (objectClass=user)\
        (objectClass=person)\
        )\
(sAMAccountName=${quote_ldap:${local_part}}))

LDAP_AD_OU_RCPT = \
user=LDAP_AD_BINDDN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE_DN\
?distinguishedName?sub?\
(&\
        (&\
	        (objectClass=user)\
	        (objectClass=person)\
	)\
(sAMAccountName=${quote_ldap:${local_part}}))
						

LDAP_AD_GROUP_RCPT = \
user=LDAP_AD_BINDDN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE_DN\
?mail?sub?\
(&\
        (&\
                (objectClass=group)\
                (objectClass=top)\
        )\
(mail=${quote_ldap:${local_part}@${domain}}))

LDAP_AD_GROUP2_RCPT = \
user=LDAP_AD_BINDDN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE_DN\
?distinguishedName?sub?\
(&\
        (&\
	                (objectClass=group)\
	                (objectClass=top)\
        )\
(mail=${quote_ldap:${local_part}@${domain}}))

LDAP_AD_MEMBER_RCPT = \
user=LDAP_AD_BINDDN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE_DN\
?sAMAccountName?sub?\
(&\
        (&\
	                (objectClass=user)\
	                (objectClass=person)\
        )\
(memberOf=${quote_ldap:${lookup ldap {LDAP_AD_GROUP2_RCPT}}}))

	
smtp_banner = "$primary_hostname, ESMTP EXIM"

helo_allow_chars = _

log_file_path = /var/log/exim/exim-%s-%D.log
log_selector = +all
SYSLOG_LONG_LINES = yes

host_lookup = !192.168.0.0/16

rfc1413_query_timeout = 0s

ignore_bounce_errors_after = 45m

auto_thaw = 1h

timeout_frozen_after = 15d

smtp_accept_max = 1000

smtp_accept_max_per_connection = 2000

smtp_accept_max_per_host = 100

split_spool_directory = true

remote_max_parallel = 15

return_size_limit = 70k

message_size_limit = 15M

smtp_enforce_sync = false

syslog_timestamp = no

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

acl_smtp_connect = acl_check_host

acl_smtp_helo = acl_check_helo


######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl

acl_check_rcpt:

#accept  hosts = +relay_from_hosts
accept  hosts = :

accept	authenticated = *
deny    message       = "incorrect symbol in address"
	domains       = +local_domains
	local_parts   = ^[.] : ^.*[@%!/|]

deny    message       = "incorrect symbol in address"
        domains       = !+local_domains
	local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

deny    message       = "HELO/EHLO require by SMTP RFC"
        condition     = ${if eq{$sender_helo_name}{}{yes}{no}}


accept  !authenticated = *
	hosts = 192.168.13.2
	
deny	!authenticated = *
	domains       = !+local_domains
	message = Sorry, authorization required (1)

deny    !authenticated = *
        condition = ${if eq{$sender_address_domain}{$domain}{yes}{no}}
	message = Sorry, authorization required (2)

deny    !authenticated = *
	hosts	= 192.168.13.0/24
	message = Sorry, authorization required (3)
 
deny    message       = "It is a not open relay"
	domains       = !+local_domains	


warn	set acl_m2	= 0
warn    condition     	= ${if !eq{$sender_helo_name}{$sender_host_name}{yes}{no}}
	set acl_m2	= ${eval:$acl_m2+30}
	
warn    condition	= ${if eq{$host_lookup_failed}{1}{yes}{no}}
        set acl_m2	= ${eval:$acl_m2+50}

warn	condition	= ${if match{$sender_host_name}{\N((?>\w+[\.|\-]){4,})\N}{yes}{no}}
	set acl_m2	= ${eval:$acl_m2+40}

warn    condition	= ${if !match{$sender_helo_name}{\N\w\.\w\N}{yes}{no}}
	set acl_m2	= ${eval:$acl_m2+60}

warn	condition	= ${if <{${strlen:$sender_address}}{25}{yes}{no}}
	set acl_m2	= ${eval:$acl_m2+50}

warn	condition       = ${lookup {$sender_helo_name}wildlsearch{/usr/local/etc/exim/list/spam-hosts}{yes}{no}}
	set acl_m2	= ${eval:$acl_m2+60}

warn    condition       = ${lookup {$sender_host_name}wildlsearch{/usr/local/etc/exim/list/spam-hosts}{yes}{no}}
        set acl_m2      = ${eval:$acl_m2+60}

warn	condition	= ${if >{$recipients_count}{4}{yes}{no}}
	set acl_m2	= ${eval:$acl_m2+($recipients_count*10)}


deny	message         = "Sender host contain dialup, dsl, pool etc."
	condition       = ${lookup {$sender_host_name}wildlsearch{/usr/local/etc/exim/list/host.blocked}{yes}{no}}

warn
	condition	= ${if >{$acl_m2}{160}{yes}{no}}
	set acl_c0	= ${eval:$acl_m2/10}s
	logwrite 	= Delay $acl_m2 for $sender_host_name [$sender_host_address] with HELO=$sender_helo_name. Mail from $sender_address to $local_part@$domain.
	delay 		= $acl_c0


deny    message       	= "you in blacklist - $dnslist_domain --> $dnslist_text"
        dnslists      	= opm.blitzed.org : cbl.abuseat.org : dynablock.njabl.org	
	delay		= 30s

accept  domains       = +local_domains
	endpass
	message       = "In my mailserver not stored this user"
	verify        = recipient						    

deny    message       = "It is a not open relay"


acl_check_helo:
accept hosts = 192.168.13.0/24 : 127.0.0.1
accept hosts = wildlsearch;/usr/local/etc/exim/list/white-hosts
accept condition = ${lookup {$sender_helo_name}wildlsearch{/usr/local/etc/exim/list/white-hosts}{yes}{no}}

drop message = Invalid HELO/EHLO data
condition = ${if match {$sender_helo_name}{\N^-?[0-9]+$\N}{yes}{no}}

drop message = HELO/EHLO should not be the IP-address
condition = ${if match {$sender_helo_name}{\N^(\d+\.){3}\d+$\N}{yes}{no}}

drop message = Spam blocking
condition = ${lookup {$sender_helo_name}wildlsearch{/usr/local/etc/exim/list/host.blocked}{yes}{no}}

accept

acl_check_host:
accept hosts = wildlsearch;/usr/local/etc/exim/list/white-hosts

accept condition = ${lookup {$sender_helo_name}wildlsearch{/usr/local/etc/exim/list/white-hosts}{yes}{no}}

drop message = Spam blocking
hosts = !192.168.0.0/16 : !127.0.0.1 : wildlsearch;/usr/local/etc/exim/list/host.blocked

drop message = This IP-address in our blacklist
hosts = net32-lsearch;/usr/local/etc/exim/list/net.blocked
hosts = net24-lsearch;/usr/local/etc/exim/list/net.blocked
hosts = net16-lsearch;/usr/local/etc/exim/list/net.blocked

accept

acl_check_data:

deny	condition     = ${if eq{$sender_address}{}{yes}{no}}
	hosts         = !127.0.0.1 : !localhost : *
	message       = "Where sender of this mail?!"
			
deny	message = Contains ".$found_extension" file (blacklisted).
	demime = exe:com:vbs:bat:pif:scr:js:cab:wsh:msi:hta:vb:vbe:jse:cpl:reg:msp:mst:lnk

warn	message = X-Spam-Score: $spam_score ($spam_bar)
	condition = ${if < {$message_size}{300K}}
	condition = ${if !eq{$sender_address_domain}{2gis.ru}{yes}{no}}
	spam = nobody:true/defer_ok

warn	message = X-Spam-Report: $spam_report
	condition = ${if < {$message_size}{300K}}
	condition = ${if !eq{$sender_address_domain}{2gis.ru}{yes}{no}}
      	spam = nobody:true/defer_ok

warn	condition = ${if >{$spam_score_int}{60}{1}{0}}
	set acl_c2= ***SPAM****
#	message = Subject: ***SPAM**** $h_subject:
	condition = ${if !eq{$sender_address_domain}{2gis.ru}{yes}{no}}
	condition = ${if < {$message_size}{300K}}
	spam = nobody/defer_ok

# reject spam at high scores (> 16)
deny	message = This message scored $spam_score spam points.
	condition = ${if < {$message_size}{300K}}
	condition = ${if !eq{$sender_address_domain}{2gis.ru}{yes}{no}}
	spam = nobody:true/defer_ok
	condition = ${if >{$spam_score_int}{160}{1}{0}}

accept

######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################

begin routers


dnslookup:
    driver = dnslookup
    domains = ! +local_domains
    transport = remote_smtp
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
    no_more

lists_all:
    driver = redirect
    domains = +local_domains
    local_parts = all
    senders = ${if exists {/usr/lists/.exim-all}{lsearch;/usr/lists/.exim-all}{*}}
    file = /usr/local/etc/exim/list/.exim-all
    forbid_pipe
    forbid_file
    redirect_router = local_adsi_user

lists_alias:
    driver = redirect
    domains = +local_domains
    local_parts = ! all
    file = /usr/local/etc/exim/list/.exim-$local_part
    redirect_router = local_adsi_user

adsi_check:
    driver = redirect
    domains = +local_domains
    allow_fail
    allow_defer
    data = ${lookup ldap {LDAP_AD_NAME_RCPT}{${local_part}}}
    redirect_router = local_adsi_user
			

AD_alias:
    driver = redirect
    domains = +local_domains
    allow_defer
    data = ${lookup ldap {LDAP_AD_SAM_RETURN}{${local_part}}}
    redirect_router = local_adsi_user
        
AD_group:			
    driver = redirect
    allow_fail
    allow_defer
    domains = +local_domains
    data = ${lookup ldapm {LDAP_AD_MEMBER_RCPT}{${local_part}} {:fail: User unknown}}
#    data = $address_data@${domain}
    redirect_router = local_adsi_date_r
    

system_aliases:
    driver = redirect
    allow_fail
    allow_defer
#    local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
    data = ${lookup{$local_part}lsearch{/etc/aliases} {:fail: User unknown}}
#    file_transport = address_file
#    pipe_transport = address_pipe
    redirect_router = local_adsi_user

local_adsi_user:
    driver = accept
    transport = local_adsi_delivery
    
local_adsi_date_r:
    driver = accept
    transport = local_adsi_date
	
    cannot_route_message = Unknown user

begin transports

local_adsi_delivery:
    driver = pipe
    headers_remove = subject
    headers_add = Subject: $acl_c2 $h_subject:
    command = /usr/local/libexec/dovecot/deliver -d $local_part
    message_prefix =
    message_suffix =
    delivery_date_add
    envelope_to_add
    return_path_add
    log_output    
    user = mailnull
    group = mail
    
local_adsi_date:
    driver = pipe
    headers_remove = subject
    headers_add = Subject: $acl_c2 $h_subject:
    command = /usr/local/libexec/dovecot/deliver -d $address_data
    message_prefix =
    message_suffix =
    delivery_date_add
    envelope_to_add
    return_path_add
    log_output
    user = mailnull
    group = mail
						

remote_smtp:
    driver = smtp

address_pipe:
    driver = pipe
    return_output
    
address_reply:
    driver = autoreply


begin retry
*                    *       F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin authenticators

dovecot_plain:
    driver = dovecot
    public_name = PLAIN
    server_socket = /var/run/dovecot/auth-client
    server_set_id = $auth1

dovecot_spa:
    driver = dovecot
    public_name = NTLM
    server_socket = /var/run/dovecot/auth-client
    server_set_id = $auth2

Post by Alex Keda » 2008-08-29 15:17:30

Did you rebuild exim?
Did you run it with debugging?
Kill them all! God will sort them out later...

Post by hangover » 2008-08-29 15:52:15

lissyara wrote: Did you rebuild exim?
Did you run it with debugging?
Yes, I rebuilt it, more than once already; the last time I built it like this:

Code:

PORTSDIR?=              /usr/ports
.if ${.CURDIR} == ${PORTSDIR}/mail/exim
WITH_CONTENT_SCAN=      yes
WITHOUT_IPV6=           yes
WITH_OPENLDAP=          yes
WITH_SPF=               yes
WITH_ICONV=             yes
WITH_PAM=               yes
WITH_AUTH_CRAM_MD5=     yes
WITH_AUTH_PLAINTEXT=    yes
WITH_AUTH_DOVECOT=      yes
WITH_AUTH_SPA=          yes
.endif

..and as for debugging, to my shame, I haven't managed to find out how yet :oops:
Could you tell me the parameters?

Post by Alex Keda » 2008-08-29 21:53:46

Look at the neighbouring thread

Post by hangover » 2008-08-29 22:27:58

I ran it in debug mode; here is the piece corresponding to the SMTP session:

Code:

# /usr/local/sbin/exim -bd -d+all

... blah blah blah ...

23:02:20 77709 checking addresses for ad.mydomain.local
23:02:20 77709   192.168.13.1 OK
23:02:20 77709 sender_fullhost = ad.mydomain.local [192.168.13.1]:1875
23:02:20 77709 sender_rcvhost = ad.mydomain.local ([192.168.13.1]:1875)
23:02:20 77709 search_open: wildlsearch "/usr/local/etc/exim/list/white-hosts"
23:02:20 77709 search_find: file="/usr/local/etc/exim/list/white-hosts"
23:02:20 77709   key="ad.mydomain.local" partial=-1 affix=NULL starflags=0
23:02:20 77709 LRU list:
23:02:20 77709   G/usr/local/etc/exim/list/white-hosts
23:02:20 77709   End
23:02:20 77709 internal_search_find: file="/usr/local/etc/exim/list/white-hosts"
23:02:20 77709   type=wildlsearch key="ad.mydomain.local"
23:02:20 77709 file lookup required for ad.mydomain.local
23:02:20 77709   in /usr/local/etc/exim/list/white-hosts
23:02:20 77709 lookup failed
23:02:20 77709 host in "wildlsearch;/usr/local/etc/exim/list/white-hosts"? no (end of list)
23:02:20 77709 accept: condition test failed
23:02:20 77709 processing "accept"
23:02:20 77709 expanding: $sender_helo_name
23:02:20 77709    result:
23:02:20 77709 expanding: /usr/local/etc/exim/list/white-hosts
23:02:20 77709    result: /usr/local/etc/exim/list/white-hosts
23:02:20 77709 search_open: wildlsearch "/usr/local/etc/exim/list/white-hosts"
23:02:20 77709   cached open
23:02:20 77709 search_find: file="/usr/local/etc/exim/list/white-hosts"
23:02:20 77709   key="" partial=-1 affix=NULL starflags=0
23:02:20 77709 LRU list:
23:02:20 77709   G/usr/local/etc/exim/list/white-hosts
23:02:20 77709   End
23:02:20 77709 internal_search_find: file="/usr/local/etc/exim/list/white-hosts"
23:02:20 77709   type=wildlsearch key=""
23:02:20 77709 expanding: yes
23:02:20 77709    result: yes
23:02:20 77709 skipping: result is not used
23:02:20 77709 expanding: no
23:02:20 77709    result: no
23:02:20 77709 expanding: ${lookup {$sender_helo_name}wildlsearch{/usr/local/etc/exim/list/white-hosts}{yes}{no}}
23:02:20 77709    result: no
23:02:20 77709 check condition = ${lookup {$sender_helo_name}wildlsearch{/usr/local/etc/exim/list/white-hosts}{yes}{no}}
23:02:20 77709                 = no
23:02:20 77709 accept: condition test failed
23:02:20 77709 processing "drop"
23:02:20 77709 check hosts = !192.168.0.0/16 : !127.0.0.1 : wildlsearch;/usr/local/etc/exim/list/host.blocked
23:02:20 77709 host in "!192.168.0.0/16 : !127.0.0.1 : wildlsearch;/usr/local/etc/exim/list/host.blocked"? no (matched "!192.168.0.0/16")
23:02:20 77709 drop: condition test failed
23:02:20 77709 processing "drop"
23:02:20 77709 check hosts = net32-lsearch;/usr/local/etc/exim/list/net.blocked
23:02:20 77709 search_open: lsearch "/usr/local/etc/exim/list/net.blocked"
23:02:20 77709 search_find: file="/usr/local/etc/exim/list/net.blocked"
23:02:20 77709   key="192.168.13.1/32" partial=-1 affix=NULL starflags=0
23:02:20 77709 LRU list:
23:02:20 77709   ;/usr/local/etc/exim/list/net.blocked
23:02:20 77709   G/usr/local/etc/exim/list/white-hosts
23:02:20 77709   End
23:02:20 77709 internal_search_find: file="/usr/local/etc/exim/list/net.blocked"
23:02:20 77709   type=lsearch key="192.168.13.1/32"
23:02:20 77709 file lookup required for 192.168.13.1/32
23:02:20 77709   in /usr/local/etc/exim/list/net.blocked
23:02:20 77709 lookup failed
23:02:20 77709 host in "net32-lsearch;/usr/local/etc/exim/list/net.blocked"? no (end of list)
23:02:20 77709 drop: condition test failed
23:02:20 77709 processing "accept"
23:02:20 77709 accept: condition test succeeded

That's it, exim seems to have figured out who this is; now the SMTP session itself:

Code:

23:02:20 77709 expanding: $primary_hostname, ESMTP EXIM
23:02:20 77709    result: mail.mydomain.ru, ESMTP EXIM
23:02:20 77709 SMTP>> 220 mail.mydomain.ru, ESMTP EXIM
23:02:20 77709 Process 77709 is ready for new message
23:02:20 77709 smtp_setup_msg entered
23:02:20 77709 SMTP<< EHLO ADDOMAIN
23:02:20 77709 sender_fullhost = ad.mydomain.local (ADDOMAIN) [192.168.13.1]:1875
23:02:20 77709 sender_rcvhost = ad.mydomain.local ([192.168.13.1]:1875 helo=ADDOMAIN)
23:02:20 77709 set_process_info: 77709 handling incoming connection from ad.mydomain.local (ADDOMAIN) [192.168.13.1]:1875 I=[192.168.13.2]:25
23:02:20 77709 using ACL "acl_check_helo"
23:02:20 77709 processing "accept"
23:02:20 77709 check hosts = 192.168.13.0/24 : 127.0.0.1
23:02:20 77709 host in "192.168.13.0/24 : 127.0.0.1"? yes (matched "192.168.13.0/24")
23:02:20 77709 accept: condition test succeeded
23:02:20 77709 host in pipelining_advertise_hosts? yes (matched "*")
23:02:20 77709 host in auth_advertise_hosts? yes (matched "*")
23:02:20 77709 host in tls_advertise_hosts? no (option unset)
23:02:20 77709 SMTP>> 250-mail.mydomain.ru Hello ad.mydomain.local [192.168.13.1]
23:02:20 77709 250-SIZE 15728640
23:02:20 77709 250-PIPELINING
23:02:20 77709 250-AUTH PLAIN NTLM
23:02:20 77709 250 HELP
23:02:20 77709 SMTP<< AUTH NTLM
23:02:20 77709 dovecot authentication
23:02:20 77709 received: MECH   PLAIN   plaintext
23:02:20 77709 received: MECH   NTLM    dictionary      active
23:02:20 77709 received: MECH   LOGIN   plaintext
23:02:20 77709 received: VERSION        1       0
23:02:20 77709 received: SPID   29329
23:02:20 77709 received: CUID   62
23:02:20 77709 received: DONE
23:02:20 77709 sent: VERSION    1       0
23:02:20 77709 CPID     77709
23:02:20 77709 AUTH     62      NTLM    service=smtp    rip=192.168.13.1        lip=192.168.13.2        resp=
23:02:20 77709 received: CONT   62
23:02:20 77709 SMTP>> 334
23:02:20 77708 child 77709 ended: status=0xb

... here, judging by the other logs, is where exim crashes and dumps core ...

23:02:20 77708 0 SMTP accept processes now running
23:02:20 77708 Listening...

Somehow enlightenment just isn't coming :(
Before debugging I sniffed the traffic between the server and the client and saw roughly the same thing.
The main thing is, I just can't understand why it says to use NTLM when the mail client is clearly set to use plaintext.. Maybe, out of ignorance, I've set a trap for myself somewhere in the authenticators? :st:
For now I'll go read the specification...
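
Added example (not part of the thread, and not Exim or Dovecot code): a small Python analyser run over lines copied from the debug trace in the last post. It lists which mechanisms Exim advertised, which one the client requested, what Dovecot last answered, and how the child process ended. It assumes the `status=` value is a raw wait() status, which agrees with the kernel's "exited on signal 11" line in the first post; all function names are illustrative.

```python
import re

# Lines copied from the exim -d+all trace in the last post (other lines omitted).
TRACE = """\
23:02:20 77709 SMTP>> 250-mail.mydomain.ru Hello ad.mydomain.local [192.168.13.1]
23:02:20 77709 250-AUTH PLAIN NTLM
23:02:20 77709 SMTP<< AUTH NTLM
23:02:20 77709 received: MECH   PLAIN   plaintext
23:02:20 77709 received: MECH   NTLM    dictionary      active
23:02:20 77709 received: MECH   LOGIN   plaintext
23:02:20 77709 AUTH     62      NTLM    service=smtp    rip=192.168.13.1        lip=192.168.13.2        resp=
23:02:20 77709 received: CONT   62
23:02:20 77709 SMTP>> 334
23:02:20 77708 child 77709 ended: status=0xb
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\s+(\d+)\s+(.*)$")


def new_session():
    return {"advertised": [], "requested": None, "dovecot_mechs": [],
            "request": None, "last_reply": None, "smtp_code": None, "exit": None}


def decode_wait_status(status):
    """Split a raw wait() status into (signal, core_dumped, exit_code)."""
    sig = status & 0x7F
    if sig:
        return sig, bool(status & 0x80), None
    return 0, False, (status >> 8) & 0xFF


def analyse(trace):
    """Summarise each SMTP child process seen in an exim debug trace."""
    sessions = {}
    for raw in trace.splitlines():
        hit = LINE.match(raw)
        if not hit:
            continue
        pid, msg = hit.groups()
        s = sessions.setdefault(pid, new_session())
        if x := re.match(r"SMTP>> (\d{3})", msg):
            s["smtp_code"] = int(x.group(1))       # last SMTP reply code sent
        if x := re.match(r"(?:SMTP>> )?250[- ]AUTH\s+(.+)", msg):
            s["advertised"] = x.group(1).split()   # what exim offered in EHLO
        elif x := re.match(r"SMTP<< AUTH (\S+)", msg):
            s["requested"] = x.group(1).upper()    # what the client chose
        elif x := re.match(r"received: MECH\s+(\S+)", msg):
            s["dovecot_mechs"].append(x.group(1))  # what Dovecot can do
        elif x := re.match(r"AUTH\s+(\d+)\s+(\S+)\s*(.*)", msg):
            params = dict(p.partition("=")[::2] for p in x.group(3).split())
            s["request"] = {"id": x.group(1), "mech": x.group(2), **params}
        elif x := re.match(r"received: (CONT|OK|FAIL)\s+(\d+)", msg):
            s["last_reply"] = x.group(1)           # Dovecot's latest answer
        elif x := re.match(r"child (\d+) ended: status=(0x[0-9a-fA-F]+)", msg):
            child = sessions.setdefault(x.group(1), new_session())
            child["exit"] = decode_wait_status(int(x.group(2), 16))
    return sessions


def verdict(s):
    """One-line diagnosis for a session summary."""
    sig = s["exit"][0] if s["exit"] else 0
    if sig and s["last_reply"] == "CONT" and s["smtp_code"] == 334:
        return (f"killed by signal {sig} after sending the 334 challenge, "
                "before any OK/FAIL from Dovecot")
    return f"killed by signal {sig}" if sig else "no abnormal exit recorded"


if __name__ == "__main__":
    for pid, s in analyse(TRACE).items():
        if s["requested"]:
            print(pid, s["requested"], "of", s["advertised"], "->", verdict(s))
```

On these lines it shows that the client itself sent AUTH NTLM from the advertised PLAIN NTLM list, and that child 77709 ended on signal 11 right after the 334 challenge.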