Can't authenticate with exim server (starttls, plaintext login)

jaddle · September 7, 2021, 11:50pm

I recently upgraded my exim server, and now I can’t send mail through k-9. It works fine through thunderbird, so I expect k-9 just has a more limited way way of authenticating.
The server is set up to connect to port 587, encrypt via STARTTLS, and then do a plaintext login.

The error I’m getting from k-9 is “Authentication methods SASL PLAIN and LOGIN are unavailable.” Which is odd, because I’m pretty sure everything’s set up to work with plain text logins using STARTTLS. Again, it works just fine that way in Thunderbird.

Has anyone else seen something similar? I imagine there’s some exim config that I can change to fix it?

cketti · September 8, 2021, 12:14am

The error message indicates that the response to the EHLO command doesn’t contain an AUTH line that lists PLAIN or LOGIN.

Can you check what the response of your server looks like? You can e.g. use the following command:

echo "EHLO [127.0.0.1]" | openssl s_client -connect [yourserver]:587 -starttls smtp -ign_eof

A relevant response line typically looks like this:

250-AUTH PLAIN LOGIN

jaddle · September 8, 2021, 12:38am

Thanks! That command is just what I need to debug this. It seems like there’s no auth at all, which is really odd:

250 HELP
250-******** Hello *********** [xx.xx.xx.xx]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPE_CONNECT
250-CHUNKING
250-PRDR
250 HELP

I wonder what thunderbird is doing? Just sending without authenticating at all? Why is that working??? Time to fix my server!

jaddle · September 8, 2021, 1:07am

Somehow, that bit of the server config was all commented out. I must have been careless when upgrading! Everything’s fixed now, I think. Thanks for the quick response!