[Exim] CRAM-MD5 TLS painfully generated sample conf file

Author: Karl Schmidt
Date:  
To: Exim (E-mail)
Subject: [Exim] CRAM-MD5 TLS painfully generated sample conf file

On Sun, 7 Oct 2001, Karl Schmidt wrote:
> * The standard exim.conf file is missing the "end" statement in the
> "Authentication Configuration" section


That's true, but it is assumed at end of file.

[KPS] I'm not positive - but it may have caused a problem?? I'll test when I
bring up the next server.

> * auth_hosts and authenticate_hosts seem to be two different statements.
> authenticate_hosts seems to need to be in the SMTP section for clients -
> auth_hosts returns an error. ???


This is all in the documentation.

1. auth_hosts is a main option which is relevant when Exim is a server.
2. authenticate_hosts is an option of the smtp transport, which is
relevant when Exim is a client.

So you need to set whichever one (or both) that is relevant to what you
are doing with Exim.


However, I can see that this is confusing because of the different
names. I should probably make them the same in Exim 4, and "auth_hosts"
seems like the better choice.

[KPS] I sure hope I don't sound like I'm complaining - I really just want to
provide some humble feedback to help improve the documentation. I did read
the material both from the book and the manual several times. (I even
printed out the manual and had it bound <grin - but I'm not kidding>)

In particular the section "Configuring Exim to Use TLS as a Client" (pg 371
of the book) neglects to mention a few things, including the fact that you
have to set authorized_hosts! It also isn't clear that you have to set
things in both areas - it seemed natural to think that the global settings
would apply there unless overridden.

I may have set more things than are needed in the sample conf - if you could
look it over so I can post it for others.

I already figured out that you don't really need to set the cipher type -
openssl will do what it wants if unset (and after reading about the ciphers
for a couple of hours I still don't have any idea about performance vs
security - if someone would clue me in on which ones to try (there are too
many to do them all) I could benchmark performance difference of the
important ones). (This application, BTW, will become quite common with the
edicts that the credit card companies have put out about not passing numbers
in the clear. I'm not so sure it will get used for everyday E-mail very
soon.)

A sample conf would have done wonders - I searched the web for hours looking
for one and never found a complete one - I did find a posting on a Debian
site that provided the authorized_hosts clue. Perhaps a chapter worth of
cookbook configs would be a great addition for the 2nd edition of your
book. A flow chart of how an email gets processed showing what section of the
config it is going through would have helped me get started. I'll "put my
money where my mouth is" and hereby offer to read and edit any new docs you
write from the point of view of a small user. (I will guess there will end
up being 20 small users for every large user running exim - and they will be
helped by cookbook examples.) (I have already added extra docs to the RPM I
made and it does things like set up a cron to run exim_tidy_db and fixes a
few install details. I even added an index to the contributed conf section.)

I am now banging my head against the wall every few minutes trying to get a
Perl script to generate a db of keys to block. I have a VB script (which is
doing wonders) that collects IPs from spam that a user moves into a "dump
spam folder in Outlook" (available GNU at http://xtronics.com). These IPs get
saved in a text file on the server and exim blocks them. - the Perl script,
as of now, removes duplicates and expands 123.456.789.123/23 ips to list
every one for the db. (It will eventually recognize blocks of IPs that have
more than 60% sending spam and block the whole block.)

But the problem is that the DB I create with Perl won't work with exim with
either
host_reject = dbmnz;/etc/exim/blocked_ip.db or
host_reject = dbm;/etc/exim/blocked_ip.db

Seems to be a dbm version problem with Perl - I'm trying "use BerkeleyDB;"
next - any clues would be appreciated.

(BTW - once Exim-4 comes out this will evolve into the full bore Spam IP
managing system that I proposed - the DB will eventually store the body of
the spam, who submitted it, how many rejects for that IP occurred, etc. so
that bounce messages will have a URL that will serve up a page showing all
the info. and will also generate an RBL)



------------------------------------------------
Karl Schmidt (ks150)     EMail Karl@???
Transtronics, Inc.       WEB http://xtronics.com
3209 West 9th Street     Ph(785) 841-3089
Lawrence, KS 66049       FAX(785) 841-0434




--
## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##
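
As an added illustration (not part of the original post or of Exim), the de-duplication, CIDR expansion and 60% block test described in the message can be sketched in Python rather than Perl. The /24 default block size, the expansion cap, the function names and the `key: data` text output are assumptions of this example, and the input is constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input: single IPs and CIDR ranges, with duplicates.
SAMPLE = """\
192.0.2.17
192.0.2.17
198.51.100.0/30
203.0.113.5
203.0.113.6
not-an-ip
"""

MAX_EXPAND = 65536  # assumed cap so a stray /8 cannot explode the key list

def expand(lines):
    """Return the de-duplicated set of IPv4 addresses named by the input."""
    hosts = set()
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            # strict=False accepts entries with host bits set (a.b.c.d/23)
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            continue  # skip malformed entries rather than emit bad keys
        if net.num_addresses <= MAX_EXPAND:
            hosts.update(net)  # iterating a network yields every address
    return hosts

def split_blocks(hosts, prefix=24, threshold=0.60):
    """Return (blocks, singles): blocks with more than `threshold` of their
    addresses listed, and the listed addresses outside those blocks."""
    per_block = defaultdict(set)
    for h in hosts:
        per_block[ipaddress.IPv4Network(f"{h}/{prefix}", strict=False)].add(h)
    blocks, singles = [], []
    for block, members in per_block.items():
        if len(members) / block.num_addresses > threshold:
            blocks.append(block)
        else:
            singles.extend(members)
    return sorted(blocks), sorted(singles)

def key_lines(addresses, data="blocked"):
    """Format one 'key: data' text line per address."""
    return [f"{a}: {data}" for a in addresses]

if __name__ == "__main__":
    blocks, singles = split_blocks(expand(SAMPLE.splitlines()), prefix=30)
    print("\n".join(key_lines(singles)))
    print("# whole blocks over threshold:", ", ".join(map(str, blocks)))
```

Plain `key: data` lines are the input that Exim's exim_dbmbuild utility reads, which builds the file with the same DBM library Exim itself was compiled with.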