[Exim] SMTP AUTH (Exim-3.33 and Exim-3.952)

Author: Odhiambo G. Washington
Date:  
To: exim-users
Subject: [Exim] SMTP AUTH (Exim-3.33 and Exim-3.952)
--

Hello list,

Just before you embark on your weekend proper, I have TWO major questions on
SMTP AUTH, one on 3.33 and the other on 3.952 (aka 4 beta).

On Exim-3.33 I have a working AUTH setup which correctly handles users who
are in my /etc/passwd. Maybe I need to say the users use a username:encryptedpasswd
pair to AUTH.
I have another set of users, virtual in this case, using a username@domain:encryptedpasswd
pair, and the usernames/passwords are in a MySQL database. Exim already has access to this
database. My questions on this are:

1. Is it possible to configure authenticators for these users in Exim-3.33? I am not
a database guru and all I know is just the HOWTOs that I read to set up Exim
and TPOP3D. I scanned the archives.
2. Is it possible also to set up authenticators for them in Exim-4?

3. On Exim-4: I built this from the FreeBSD ports and I checked the Local/Makefile
and saw the authenticators were compiled into the exim binary.
Exim-4 being as new as it is, I haven't managed to get authentication working on my
test box. I have defined acl_smtp_auth and also defined the authenticators (actually
they were left in place by the convert script). Exim-4 runs on the test box but when
I telnet to it and issue EHLO I don't see it advertising AUTH. I've scanned spec.txt
but it seems I am missing something major.

My Exim-4 configure file is attached. Sorry I forgot to do it in the previous post.


If anyone can point me in the right direction, I'll be greatly obliged.


-Wash

S y s t e m s A d m i n.

--
Odhiambo Washington  <wash@???>    "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com      Windows 95, NT, or better,'
Tel: 254 2 313985-9   Fax: 254 2 313922     so I installed FreeBSD."
GSM: 254 72 743 223   GSM: 254 733 744 121  This sig is McQ!  :-)


++
It is impossible to experience one's death objectively and still carry
a tune.
        -- Woody Allen


--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##

----- End forwarded message -----

-Wash

S y s t e m s A d m i n.

--
Odhiambo Washington  <wash@???>    "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com      Windows 95, NT, or better,'
Tel: 254 2 313985-9   Fax: 254 2 313922     so I installed FreeBSD."
GSM: 254 72 743 223   GSM: 254 733 744 121  This sig is McQ!  :-)


++
People who are funny and smart and return phone calls get much better
press than people who are just funny and smart.
        -- Howard Simons, "The Washington Post"
--
#!!# This file is output from the convert4r4 script, which tries
#!!# to convert Exim 3 configurations into Exim 4 configurations.
#!!# However, it is not perfect, especially with non-simple
#!!# configurations. You must check it before running it.



#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.

acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message

#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used to control the ETRN, EXPN, and VRFY commands.
#!!# Where no ACL is defined, the command is locked out.

acl_smtp_etrn = check_etrn


#!!# Access Control Lists for SMTP AUTH

acl_smtp_auth = smtp_auth


#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.

domainlist local_domains = @ : \
    @[] : \
    localhost : \
    beastie.wananchi.com : \
    lsearch;/usr/local/etc/exim/relay : \
    partial-lsearch;/usr/local/etc/exim/tpc.domains


domainlist relay_domains = lsearch;/usr/local/etc/exim/relay : \
    lsearch;/usr/local/etc/exim/static : \
    lsearch;/etc/virtual/domains
hostlist relay_hosts = +include_unknown : \
    62.8.64.0/24 : \
    62.8.65.0/24 : \
    62.8.66.0/24 : \
    62.8.67.0/24 : \
    62.8.68.0/24 : \
    62.8.69.0/24 : \
    212.49.74.0/25 : \
    192.168.0.2/32
hostlist auth_relay_hosts = *


#!!# All previous logging options are combined into a single
#!!# option in Exim 4. This setting is an approximation to
#!!# the previous state - some logging has changed.

log_selector =  \
              -retry_defer \
              -skip_delivery \
              +address_rewrite \
              +all_parents \
              +arguments \
              +received_sender \
              +received_recipients \
              +smtp_confirmation \
              +smtp_connection \
              +smtp_syntax_error


# Do filtering

#!!# message_filter renamed system_filter
system_filter = /usr/local/etc/exim/exim-filter
message_body_visible = 8000
system_filter_file_transport = address_file
system_filter_pipe_transport = address_pipe
system_filter_reply_transport = address_reply

######################################################################
#                  Runtime configuration file for Exim               #
######################################################################



primary_hostname = beastie.wananchi.com

qualify_domain = beastie.wananchi.com

qualify_recipient = beastie.wananchi.com


# Exim user and those whose uids no delivery should occur.

exim_user = mailnull
exim_group = mail
never_users = root : mailnull


#!!# auth_always_advertise converted to auth_advertise_hosts

auth_advertise_hosts = !+relay_hosts : +auth_relay_hosts


# Some operating systems use the "gecos" field in the system password file
# to hold other information in addition to users' real names. Exim looks up
# this field when it is creating "sender" and "from" headers. If these options
# are set, exim uses "gecos_pattern" to parse the gecos field, and then
# expands "gecos_name" as the user's name. $1 etc refer to sub-fields matched
# by the pattern.

gecos_pattern = ^([^,:]*)
gecos_name = $1


# This string defines the contents of the \`Received' message header that
# is added to each message, except for the timestamp, which is automatically
# added on at the end, preceded by a semicolon. The string is expanded each
# time it is used.

received_header_text = "Received: \
         ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
         {${if def:sender_ident {from ${sender_ident} }}\
         ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
         by ${primary_hostname} \
         ${if def:received_protocol {with ${received_protocol}}} \
         (Exim ${version_number} #${compile_number} (FreeBSD))\n\t\
         id ${message_id}\
         ${if def:received_for {\n\tfor <$received_for>}}"


host_lookup = *


smtp_banner = $primary_hostname ESMTP Exim \
  ${version_number} #${compile_number} ${tod_full} ${lookup{$sender_host_address} \
    lsearch* {/usr/local/etc/exim/bannerversion} \
    {${expand:$value}}}


errors_reply_to = admin@???

delay_warning = 0h

no_prod_requires_admin

no_queue_list_requires_admin

message_size_limit = 10M

return_size_limit = 5k

auto_thaw = 1h

queue_smtp_domains = lsearch;/usr/local/etc/exim/static

smtp_etrn_command = "/usr/local/sbin/exim -R \"${if match {$domain} {^[@#]} {${substr_1:$domain}} {$domain}}\""

smtp_accept_max = 100

smtp_accept_max_per_host = 10

smtp_accept_reserve = 10

smtp_accept_queue_per_connection = 120

remote_max_parallel = 2

smtp_connect_backlog = 50

split_spool_directory

timeout_frozen_after = 2d

ignore_bounce_errors_after = 0s



#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3      #!!#
#!!# policy control options.                             #!!#
#!!#######################################################!!#


#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl

#!!# ACL that is used after the RCPT command

check_recipient:
  # Exim 3 had no checking on -bs messages
  accept  hosts = :
  deny    hosts = 209.225.6.125:209.225.6.106:209.225.6.117:209.225.6.112:209.225.6.111:209.225.41.205:63.103.129.9:207.61.57.125:203.122.3.153:207.241.178.129:202.86.149.133:207.241.178.132: \
  207.241.178.102:207.241.178.164:196.40.39.157:207.155.198.87:210.24.180.17:210.10.90.72:212.186.146.248:216.242.135.:202.86.131.9:203.1.24.64:213.120.126.30
  deny    message = host is listed in $dnslist_domain
          dnslists = blackholes.mail-abuse.org:relays.mail-abuse.org:dialups.mail-abuse.org
  deny    senders = partial-lsearch;/usr/local/etc/exim/badsenders
  require verify = sender
  deny    message = unrouteable address
         !verify = recipient
  accept  domains = +local_domains
  accept  domains = +relay_domains
  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted


#!!# ACL that is used after the DATA command

check_message:
require verify = header_syntax
accept senders = !:
require verify = header_sender
accept

## Deny if the local part contains @ or % or / or | or !.

deny    local_parts   = ^.*[@%!/|]



# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.

accept  local_parts   = postmaster
        domains       = +local_domains



#!!# ACL that is used after the ETRN command

check_etrn:
accept hosts = 62.8.64.0/24 : 62.8.65.0/24 : 62.8.66.0/24 : 62.8.67.0/24 : 212.49.74.0/25



#!!# ACL that is used for SMTP AUTH

smtp_auth:
accept hosts = 62.8.64.0/24 : 62.8.65.0/24 : 62.8.66.0/24 : 62.8.67.0/24 : 62.8.68.0/24 : 62.8.69.0/24 :212.49.74.0/25

# AUTHENTICATION CONFIGURATION


# There are no authenticator specifications in this default configuration file.
## new auth section ##


begin authenticators

plain:
driver = plaintext
public_name = PLAIN
server_mail_auth_condition =
server_set_id = $2
client_send =
server_condition = ${if crypteq{$3}{${lookup{$2}lsearch{/etc/exim/authtab}{$value}}}{1}{0}}
server_prompts =

login:
driver = plaintext
public_name = LOGIN
server_mail_auth_condition =
server_set_id = $1
client_send =
server_condition = ${if crypteq{$2}{${lookup{$1}lsearch{/etc/exim/authtab}{$value}}}{1}{0}}
server_prompts = Username:: : Password::

cram:
driver = cram_md5
public_name = CRAM-MD5
server_mail_auth_condition =
server_set_id = $1
client_name =
client_secret =
server_secret = ${lookup{$1}lsearch{/etc/exim/authtab-cram_md5}{$value}}


# REWRITE CONFIGURATION

# Set of rules for mapping certain local users to some postmasters
# @virtual.domains who do ETRN but don't pop from dialup account


begin rewrite

\N^(beiersdorf)@wananchi\.com$    admin@???        Tt
\N^(lantech)@wananchi\.com$    lantech@???        Tt
\N^(virtualcity)@wananchi\.com$    kkarungu@???    Tt
\N^(mareba)@wananchi\.com$    postmaster@???    Tt
\N^(netsource)@wananchi\.com$    gdanson@???    Tt
\N^(fkfin)@wananchi\.com$    habelm@???        Tt
\N^(postmaster)@kenpoly\.com$    kamlesh@???        Tt
\N^(.*)@wtrl\.or\.ke$        $1@???


# Added by Wash - removes asterisks from Sender and From fields

\N^([^\*]+)\*(.*)@(.*)$         $1@$domain             EFs



#!!#######################################################!!#
#!!# Here follow routers created from the old routers,   #!!#
#!!# for handling non-local domains.                     #!!#
#!!#######################################################!!#


begin routers


# This first entry can be used to dump all mail to a well connected host,
# as long as we're allowed relay through.

#smart_route:
# driver = manualroute
# domains = ! +local_domains
# host_find_failed = defer
# route_list = * ns2.wananchi.com bydns_a
# transport = remote_smtp

# Lookups in case there is no smart_route

lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
transport = remote_smtp

# This router routes to remote hosts over SMTP by explicit IP address.

domain_literal:
driver = ipliteral
domains = ! +local_domains
transport = remote_smtp


# This router has been added for offloading mail for certain sites to
# better connected hosts and make it their responsibility to deliver to
# the destination.

artificial_route:
driver = manualroute
domains = ! +local_domains
route_data = ${lookup{$domain}lsearch{/usr/local/etc/exim/smtproutes}}
transport = remote_smtp

#Hylafax settings

fax:
driver = manualroute
domains = ! +local_domains
route_list = *.fax
transport = fax
no_more



#!!#######################################################!!#
#!!# Here follow routers created from the old directors, #!!#
#!!# for handling local domains.                         #!!#
#!!#######################################################!!#



# This director handles our normal virtual domains

virtual_domains:
driver = redirect
allow_defer
allow_fail
data = ${expand:${lookup{$local_part@$domain}lsearch*@{/usr/local/etc/exim/virtual}}}
retry_use_local_part


# The following will handle any aliases for the special virtual domains

virtual_aliases:
driver = redirect
allow_defer
allow_fail
data = ${expand:${lookup{$local_part}lsearch*{/etc/virtual/${domain}/aliases}}}
domains = lsearch;/etc/virtual/domains
file_transport = address_file
pipe_transport = address_pipe
qualify_preserve_domain
retry_use_local_part
user = mailnull


# This director allows me to have an individual domain filter for
# each virtual domain.

virtualdomainfilter:
#!!# filter renamed allow_filter
driver = redirect
allow_filter
check_ancestor
no_check_local_user
domains = lsearch;/etc/virtual/domains
no_expn
file = /etc/virtual/${domain}/filter
file_transport = address_file
group = mail
pipe_transport = address_pipe
reply_transport = address_reply
retry_use_local_part
skip_syntax_errors
user = mailnull
no_verify


# This director will handle our system aliases /etc/mail/aliases

system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${expand:${lookup{$local_part}lsearch{/etc/mail/aliases}}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
user = mailnull

# User forwards

userforward:
#!!# match_directory option removed
#!!# filter renamed allow_filter
driver = redirect
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify


# This director matches the virtual local user mailboxes

virtual_localuser:
driver = accept
condition = ${lookup {$local_part} lsearch {/etc/virtual/${domain}/passwd}{$value}}
domains = lsearch;/etc/virtual/domains
retry_use_local_part
transport = virtual_localdelivery

# This director matches local user mailboxes.

localuser:
driver = accept
check_local_user
transport = local_delivery


# VIRTUAL DOMAIN FALLBACK

fallbackdomain:
driver = redirect
allow_defer
allow_fail
condition = ${lookup{$domain}lsearch{/etc/virtual/domainfallback}{$value}}
data = ${lookup{$domain}lsearch{/etc/virtual/domainfallback}{$local_part@$value}{$local_part@$domain}}
retry_use_local_part
user = mailnull


#TPC.INT tpc director

tpc_director:
driver = accept
domains = "partial-lsearch;/usr/local/etc/exim/tpc.domains"
retry_use_local_part
transport = tpc

faxdirector:
#!!# prefix renamed local_part_prefix
driver = accept
condition = ${lookup{$sender_address}lsearch{/etc/fax/faxusers}{yes}{no}}
local_part_prefix = fax-
retry_use_local_part
transport = efaxtransport

efax_rejected:
#!!# prefix renamed local_part_prefix
driver = accept
local_part_prefix = fax-
retry_use_local_part
transport = efax_rejected_user
unseen
no_verify



# TRANSPORTS CONFIGURATION

# This transport is used for delivering messages over SMTP connections.

begin transports

remote_smtp:
driver = smtp
no_delay_after_cutoff
serialize_hosts = *


# This transport is used for local delivery to user mailboxes

local_delivery:
#!!# prefix renamed message_prefix
#!!# suffix renamed message_suffix
#!!# no_from_hack replaced by check_string
  driver = appendfile
  check_string =
  create_directory
  delivery_date_add
  directory = ${home}/Maildir/
  directory_mode = 700
  envelope_to_add
  group = mail
  maildir_format
  message_prefix = ""
  message_suffix = ""
  quota = 30M
  no_quota_is_inclusive
  quota_warn_message = "\
                To: $local_part@$domain\n\
                Subject: Your mailbox is almost filled up!\n\n\
                This message is automatically created \
                by mail delivery software (Exim), your SMTP Server at wananchi.com.\n\
                The size of your mailbox has exceeded a warning threshold\n\
                set by the System Administrator.\n\
                When you receive this message, it means that your current\n\
                mailbox size is approaching 30M (MegaBytes). You need to clean up old msgs.\n\
                If your e-mail software has a setting that leaves a copy of the message on\n\
                the server, please also set the option that deletes the message\n\
                from the server when you delete your local copy."
  quota_warn_threshold = 75%
  return_path_add
# I can also impose quota selectively via the authtab file in the format username:password:quota
# and use this lookup, with a default value of 20M in case a quota isn't specified for a user
# quota = ${extract{2}{:}{${lookup{${local_part}}lsearch{/etc/exim/authtab}{$value}{:20M}}}}
# quota = ${extract{2}{:}{${lookup{${local_part}}lsearch{/mail/conf/${domain}/passwd}{$value}{3M}}}}
# mode = 0660
# mode = 0600


# This transport is used for handling pipe deliveries generated by alias
# or .forward files.

address_pipe:
driver = pipe
return_output


# This transport is used for handling deliveries directly to files that are
# generated by aliassing or forwarding.

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

# Should you want to be able to specify either maildir or non-maildir
# directory-style deliveries, then you must set up yet another transport,
# called address_directory2. This is used if the path ends in "//" so should
# be the one used for maildir, as the double slash suggests another level
# of directory. In the absence of address_directory2, paths ending in //
# are passed to address_directory.

address_directory:
#!!# prefix renamed message_prefix
#!!# suffix renamed message_suffix
#!!# no_from_hack replaced by check_string
driver = appendfile
check_string =
delivery_date_add
envelope_to_add
maildir_format
message_prefix = ""
message_suffix = ""
return_path_add

# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.

address_reply:
driver = autoreply

fax:
driver = pipe
command = "/usr/local/bin/faxmail -d ${local_part}@${extract{1}{.}{$domain}}"
home_directory = /usr/local/bin
user = fax

# TPC.INT
tpc:
driver = pipe
command = "/var/tpc/tpcmailer.pl \"${local_part}@${domain}\" \"${sender_address}\""
return_fail_output
user = fax

efaxtransport:
driver = pipe
command = "/usr/local/bin/faxmail -d \"${local_part}\" \"${sender_address}\""
group = uucp
headers_add = "X-FAX-notify: when done"
home_directory = /usr/local/bin
user = fax

efax_rejected_user:
driver = autoreply
file = /etc/fax/warning.txt
file_expand
from = faxmaster@???
log = /var/log/exim/efax_rejectlog
subject = Re: Your Fax to $local_part
to = $sender_address
user = mailnull

# We want to handle some virtual domains in a special way from what
# we have already.

# This transport handles those special cases

virtual_localdelivery:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 700
envelope_to_add
file = /var/spool/virtual/${domain}/${local_part}
group = mail
mode = 0660
return_path_add
user = mailnull
# user = ${extract{2}{:}{${lookup{$local_part} lsearch {/etc/virtual/${domain}/passwd}{$value}}}}



# RETRY CONFIGURATION


# Domain               Error       Retries
# ------               -----       -------



begin retry

wananchi.com        *           F,1h,10m
wananchi.co.ke        *           F,5d,24h
*            *               F,2h,15m; G,16h,1h,1.5; F,4d,8h


# Immediately bounce messages if mailbox is over quota.

*            quota




# End of Exim 4 configuration
--
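Added here as an illustration, not Exim's code and not part of the posted configuration: a Python model of how Exim 4 evaluates the auth_advertise_hosts list in the attached file (!+relay_hosts : +auth_relay_hosts, with the relay_hosts networks copied from it) and of what the posted plain and cram authenticators see in $1, $2 and $3. The authtab entries, the CRAM-MD5 secret and the challenge used in the checks are constructed sample values.

```python
"""Hypothetical model (not Exim's code) of two parts of the attached Exim 4
configuration: the auth_advertise_hosts host list and the variables the
plaintext and cram_md5 authenticators expose as $1, $2 and $3."""
import base64
import hashlib
import hmac
import ipaddress

# Host lists copied from the attached configuration (auth_relay_hosts = *).
RELAY_HOSTS = ["62.8.64.0/24", "62.8.65.0/24", "62.8.66.0/24", "62.8.67.0/24",
               "62.8.68.0/24", "62.8.69.0/24", "212.49.74.0/25", "192.168.0.2/32"]
NAMED_LISTS = {"relay_hosts": RELAY_HOSTS, "auth_relay_hosts": ["*"]}

def host_item_matches(ip, item):
    """One positive item: '*', a '+named' list reference, or an IP/CIDR."""
    if item == "*":
        return True
    if item.startswith("+"):
        return host_list_matches(ip, NAMED_LISTS[item[1:]])
    return ipaddress.ip_address(ip) in ipaddress.ip_network(item, strict=False)

def host_list_matches(ip, items):
    """Exim 4 list rule: a matching negated item fails the whole list; if no
    item matches, the result is the opposite of the last item's sign."""
    for item in items:
        negated = item.startswith("!")
        if host_item_matches(ip, item.lstrip("!")):
            return not negated
    return items[-1].startswith("!")

def auth_advertised_to(ip):
    """auth_advertise_hosts = !+relay_hosts : +auth_relay_hosts"""
    return host_list_matches(ip, ["!+relay_hosts", "+auth_relay_hosts"])

def plain_response(authzid, username, password):
    """Client side of SASL PLAIN: base64(authzid NUL authcid NUL password)."""
    return base64.b64encode(f"{authzid}\0{username}\0{password}".encode()).decode()

def plain_variables(response_b64):
    """Server side: the plaintext driver splits on NUL into $1, $2, $3, which is
    why the posted 'plain' authenticator looks up $2 and checks $3 against it."""
    parts = base64.b64decode(response_b64).split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed SASL PLAIN response")
    return {"$1": parts[0].decode(), "$2": parts[1].decode(), "$3": parts[2].decode()}

def cram_md5_response(challenge, username, secret):
    """Client side of CRAM-MD5 (RFC 2195): base64('user hex(HMAC-MD5(secret, challenge))')."""
    digest = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()

def cram_md5_check(challenge, response_b64, authtab_cram):
    """Server side as the posted 'cram' authenticator is wired: $1 is the username,
    server_secret is the lsearch of $1 (a dict here), server_set_id = $1 on success."""
    username, _, digest = base64.b64decode(response_b64).decode().partition(" ")
    secret = authtab_cram.get(username)
    if secret is None:
        return None
    expected = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return username if hmac.compare_digest(expected, digest) else None
```

Under this list rule a client inside relay_hosts (for example 192.168.0.2) is not offered AUTH at EHLO, because the matching negated item fails the whole list, while a client outside those networks is; that is worth checking when testing from a host on one of the listed networks.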