Exim smart route authentication fails

Freddy

I used this guide to set up a smart route for my server (server A). It should relay all e-mails from all domains to server B. The relay host is also a DirectAdmin server (server B). On server B I created an e-mail account on a random domain that is hosted there for authentication. I used that e-mail address with its password in the Exim.authenticators.post.conf file on server A.

The problem is that server B does not relay the e-mails that I send. It looks like server A does not authenticate at all. Is Exim not sending the credentials?

Server A tells me this in the Exim logfile:
2022-04-08 10:16:42 1ncjnO-001I92-6x <= [email protected] U=<dauser> P=local S=399 T="test" from <[email protected]> for [email protected]
2022-04-08 10:16:42 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1ncjnO-001I92-6x
2022-04-08 10:16:42 1ncjnO-001I92-6x ** [email protected] F=<[email protected]> R=smart_route T=auth_relay H=<server-B-name> [<server-B-IP>] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=yes: SMTP error from remote mail server after RCPT TO:<[email protected]>: 550 relay not permitted, authentication required

The exim logfile on server B tells me this:
2022-04-08 10:16:42 H=<server A> [<server-A-IP>] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no F=<[email protected]> rejected RCPT <[email protected]>: relay not permitted, authentication required

These are the config files from server A.

Exim.transports.pre.conf
Code:
auth_relay:
    driver = smtp
    port = 25
    hosts_require_auth = $host_address
    hosts_require_tls = $host_address
    headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}"
    interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
    helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
    hosts_try_chunking =
    hosts_try_fastopen =
.include_if_exists /etc/exim.dkim.conf

Exim.routers.pre.conf
Code:
smart_route:
     driver = manualroute
     domains = ! +local_domains
     ignore_target_hosts = 127.0.0.0/8
     condition = "${perl{check_limits}}"

     #use remote_smtp only if you do not need smtp-auth.
     #transport = remote_smtp

     #use auth_relay if you do need to set the remote smtpauth
     transport = auth_relay

     route_list = * relay.domain.com::587
     no_more

Exim.authenticators.post.conf
Code:
auth_login:
    driver = plaintext
    public_name = LOGIN
    #replace your@email and yourpass
    hide client_send = : [email protected] : 2sZtV-longpassword-6eU7N

Exim version:
Exim: 4.95

Exim.conf version is:
Latest version of exim.conf: 4.5.37
Installed version of exim.conf: 4.5.37

I tried to use the account [email protected] from within a simple mail client like Thunderbird to send e-mail. This works just fine so the account should be able to authenticate and send mail.

What am I missing here?
 
Do you have SMTP Block on in CSF?

What does

telnet server.a 25 from server.b

telnet server.b 25 from server.a
show?
 
Yes, there is a block on port 25 for server B. That's why I configured smart route to use port 587 which is not blocked. A telnet session confirms communication between the servers.
 
I finally have some progress. I added the option disable_ipv6=true to the /etc/exim.variables.conf.custom file and rebuilt the Exim conf on server A.
Now server A will only communicate with its IPv4 address. On server B I created a whitelist for relaying IP addresses. This instantly fixed the smart route. I added the IPv6 address too but that didn't work.

Now when I relay mail it says that authorization is ignored but that's fine for now.

Still trying to understand why authorization doesn't work. The current solution is more like a dirty workaround.
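
A check that fits the open question in the last post, as an added example that is not from the thread: Exim's SMTP client only uses a client authenticator whose public_name matches a mechanism the server advertises in its EHLO reply, so it helps to see what server B offers on port 587 before and after STARTTLS. The function names, the host names and the sample EHLO reply are constructed for illustration.

```python
import smtplib
import ssl

# Constructed sample of an EHLO reply as seen in a telnet session (not from the thread).
SAMPLE_EHLO = """250-server-b.example Hello server-a.example [192.0.2.10]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP"""


def auth_mechanisms(ehlo_text):
    """Return the AUTH mechanisms advertised in an EHLO reply, upper-cased."""
    mechs = []
    for line in ehlo_text.splitlines():
        # Strip a leading "250-" / "250 " if present (smtplib already removes it).
        body = line[4:] if line[:3].isdigit() else line
        # Accept both "AUTH PLAIN LOGIN" and the legacy "AUTH=PLAIN LOGIN".
        keyword, _, rest = body.strip().replace("=", " ", 1).partition(" ")
        if keyword.upper() != "AUTH":
            continue
        for mech in rest.upper().split():
            if mech not in mechs:
                mechs.append(mech)
    return mechs


def offers(ehlo_text, public_name="LOGIN"):
    """True if a client authenticator with this public_name can be selected."""
    return public_name.upper() in auth_mechanisms(ehlo_text)


def probe(host, port=587, helo="server-a.example"):
    """Live check: mechanisms offered before and after STARTTLS (needs network)."""
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=15) as smtp:
        smtp.ehlo()
        before = auth_mechanisms(smtp.ehlo_resp.decode(errors="replace"))
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()
        after = auth_mechanisms(smtp.ehlo_resp.decode(errors="replace"))
    return before, after


if __name__ == "__main__":
    print("sample reply offers LOGIN:", offers(SAMPLE_EHLO))
    # On server A, replace the placeholder with server B's relay host name:
    # print(probe("relay.domain.com"))
```

Exim also attempts AUTH only for hosts that match hosts_require_auth or hosts_try_auth on the transport, so an empty result from probe() and a host list that does not match both lead to an unauthenticated RCPT like the one in the logs above.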