Re: [Exim] /etc/passwd SMTP auth

Author: Oliver von Bueren
Date:  
To: David
Subject: Re: [Exim] /etc/passwd SMTP auth
David,

>Is there any way possible to use the /etc/passwd file to store user
>information? I'd like to do it this way to simplify the process of adding


That's no problem, but make sure your /etc/passwd has the passwords
and not some other shadow file. My example is for FreeBSD with
master.passwd as the real pw-file. I've the following at the end of
the config file:

--------------------------------------
######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################


plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if and {{!eq{$2}{}}{!eq{$3}{}} \
              {crypteq{$3}{${extract{1}{:} \
              {${lookup{$2}lsearch{/etc/master.passwd}{$value}{*:*}}}}}}}{1}{0}}"
  server_set_id = $2

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if and {{!eq{$1}{}}{!eq{$2}{}} \
              {crypteq{$2}{${extract{1}{:} \
              {${lookup{$1}lsearch{/etc/master.passwd}{$value}{*:*}}}}}}}{1}{0}}"
  server_set_id = $1

end
--------------------------------------

The server_set_id is not needed, I use it to add a header to the
messages which get in that way. If you like that too, just add the
following to local_delivery and remote_smtp transports (must be on one
line!):
---
headers_add = ${if !eq {$authenticated_id}{} {X-Authenticated-Id: $authenticated_id} }
---

>users. And would anyone have a sample, multi-domain, smtp auth relay config
>they would be willing to share? I'm finding the documentation to be quite
>confusing to say the least.


What do you mean by multi-domain auth relay? You've to enable your
auth config by some combination of auth_always_advertise, auth_hosts
and host_auth_accept_relay and most probably remove/modify
host_accept_relay to stop relaying without auth. This is valid for any
domain you are responsible for. If it works without auth now it will
work with it too, given the above changes are correct.

BTW: Make sure you've compiled auth support into exim,
Local/Makefile:

AUTH_PLAINTEXT=yes

If you need CRAM MD5 too (RFC 2195), also uncomment AUTH_CRAM_MD5=yes.


       Cheers,
       Oliver
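
An added example, not part of Oliver's message: a Python sketch of what the `server_condition` above reads from the password file, usable as a check that the file named in the lookup really holds hashes rather than shadow placeholders. The sample file content, the hash value and all function names are constructed for illustration, and the lsearch emulation is simplified.

```python
import base64
import re

# Constructed sample in master.passwd layout; the hash is a made-up placeholder.
SAMPLE = """\
root:*:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$saltsalt$CONSTRUCTEDHASHVALUE00:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:x:1002:1002::0:0:Bob:/home/bob:/bin/sh
"""

def split_plain(response_b64):
    """Decode an AUTH PLAIN response into the strings Exim exposes as $1, $2, $3."""
    return base64.b64decode(response_b64).decode("utf-8").split("\0")

def stored_field(user, passwd_text):
    """Mimic ${extract{1}{:}{${lookup{USER}lsearch{FILE}{$value}{*:*}}}}."""
    value = "*:*"                                   # lookup failure branch
    for line in passwd_text.splitlines():
        if line.startswith("#") or not line.strip():
            continue
        key, _, rest = line.partition(":")
        if key == user:                             # first matching key wins
            value = rest
            break
    return value.split(":")[0]                      # extract field 1

def is_usable_hash(field):
    """True for something crypt() could have produced, False for x, *, !, empty."""
    modular = field.startswith("$") and field.count("$") >= 3
    des = re.fullmatch(r"[./0-9A-Za-z]{13}", field) is not None
    return modular or des

def audit(passwd_text):
    """Map each account to whether crypteq could ever succeed against this file."""
    users = [l.split(":")[0] for l in passwd_text.splitlines()
             if l.strip() and not l.startswith("#")]
    return {u: is_usable_hash(stored_field(u, passwd_text)) for u in users}

if __name__ == "__main__":
    for user, ok in audit(SAMPLE).items():
        print(f"{user}: {'hash present' if ok else 'no hash in this file'}")
```

An account whose field is `x` or `*` can never authenticate through this condition, which is the symptom of pointing the lookup at a file whose passwords live in a shadow file.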