[Exim] RE: SMTP AUTH advice

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Daniel Einspanjer
Date:  
À: exim-users
CC: 'Dave C.'
Anciens-sujets: Re: [Exim] host_accept_relay problem with netscape on localhost
Sujet: [Exim] RE: SMTP AUTH advice
I do have the SMTP AUTH working fine. It is using a plain passwd file. I
thought the PAM stuff looked easier on the exim side, but I don't know the
first thing about PAM in general and I wasn't sure if I could use it for
mail accounts that did not have a corresponding user account on the box. My
users are able to log in from Outlook, Outlook Express, and Netscape
communicator with no problem. The only drawback I had is that when running
Netscape on my local box, I still have to authenticate, but I am able to
auth just fine and read my mail. Users on my local network not using
Netscape do not have to auth. I posted my config on here once but people
might not like getting spammed with attachments so I'll just give you a link
to it on my FTP instead.

ftp://ftp.yipyip.com/exim.conf

Let me know if you have any questions regarding it.

-----Original Message-----
From: Dave C. [mailto:djc@microwave.com]
Sent: Wednesday, March 29, 2000 1:20 PM
Cc: exim-users@???
Subject: Re: [Exim] host_accept_relay problem with netscape on localhost



Has anyone on the list actually got SMTP AUTH working in an ISP type
setup, permitting legitimate customers to relay mail from foreign
networks while travelling, while not causing any hassle for customers
using the local dialups?

If so, and are willing to post your configurations, and any other info
such as your username/password setup (PAM/NIS/DB/shadow?), what clients
it works with, etc, what version of exim?

I'd really like to get this fully working. We have an NIS/PAM setup, on
RedHat 5.2, currently running exim 3.13.. If anyone could offer their
(sample) configs.. I have already looked at the cookbook and FAQ.. I'm
asking if anyone has any further details..

It seems that it is possible that we need the change discussed below in
the as yet unreleased 3.14 in order not to annoy customers who are NOT
travelling - is it only Netscape that does this? What effect on other
clients?

Phil, any chance of 3.14 finding its way to the 'Testing' directory?





On Wed, 22 Mar 2000, Philip Hazel wrote:

> On Tue, 21 Mar 2000, Daniel Einspanjer wrote:
>
> > I tried two different methods
> > of file listing:
> >
> > host_accept_relay = lsearch;/etc/virtual/localips    and
> > host_accept_relay = /etc/virtual/localips
> > where localips was a simple text listing of each IP address.

>
> The first of those won't work because it does a host *name* search. If
> you want to lookup the IP address you need to add net- on the front.
>
> > I noticed that when netscape sends mail, it uses the IP localhost so I

added
> > localhost to my list: host_accept_relay = localhost:208.36.207.0/24 but
> > netscape still prompts me for a password whenever I try to send mail.
>
> The next release of Exim contains the following change:
>
> 26. Don't advertise AUTH if host in host_accept_relay, even if it is in
> host_auth_accept_relay (unless "always advertise", of course).
>
> This is to cope with clients that can't be configured not to authorize
> if they see the availability of the facility.
>
> > I saw
> > a couple of FAQs about this and someone had posted a patch to exim to

make
> > it not offer the AUTH command to someone who matched host_accept_relay,

but
> > when I went to look at the code, that patch was already there (I'm

running
> > exim 3.13) and it doesn't seem to work.. ??
>
> Oh, heck. There's something odd in the documentation, because 3.13 lists
> this change, which seems identical, but I know I did something different
> to 3.14.
>
> 9. When auth_always_advertise is false, a AUTH is no longer advertised

if the
> host is in host_accept_relay, even if it is also in

host_accept_auth_relay.
> Thus one can use combinations like
>
>     host_auth_accept_relay = *
>     host_accept_relay = 10.9.8.0/24

>
> without having to fill up host_auth_accept_relay with exceptions.
>
> I think that 3.13 listing must not be quite what got implemented.
>
> > One thing I was wondering is that when I do -bh tests, host_accept_relay

is
> > not checked until I list an RCPT that is not in local_domains.
>
> No point in checking whether a host is allowed to relay until it
> actually tries to relay - but YES! I remember now. That's the change
> that has been made. The check has to be done earlier in order to get the
> advertising right.
>
> > I was
> > wondering how this is supposed to work since if a client issues an EHLO
> > command, exim automatically returns with AUTH as one of the available
> > commands. I did not see anything in the logging about host_accept_relay
> > being checked at that time.
> >
> > Could anyone shed some light on this problem for me? Am I missing a

setting
> > somewhere that causes host_accept_relay to be checked earlier?
>
> No, the only thing you are missing is the next release, which hasn't
> been released yet, I'm afraid.
>
> Philip
>
> --
> Philip Hazel            University of Cambridge Computing Service,
> ph10@???      Cambridge, England. Phone: +44 1223 334714.

>
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim

details at http://www.exim.org/ ##
>