Re: [Exim] SMTP and authentication

Author: Giuliano Gavazzi
Date:  
To: Jonas Jacobsson, exim-users
Subject: Re: [Exim] SMTP and authentication
At 21:52 +0100 2002/12/12, Jonas Jacobsson wrote:
>Hi,
>
>How should I configure Exim if I want to be able to relay mail
>for authenticated users? How should the authentication block look like?
>
>I don't understand how it works. I've tried to read the docs, but
>it doesn't help me much.
>
>I'm trying to send mail from Mozilla via Exim SMTP server.


You should put this somewhere in your conf (for instance just
before the acl section):

tls_advertise_hosts = *
tls_certificate = /path/to/your/cert.pem

(this contains both server cert and key)
You can find the instructions to generate this either somewhere on
the Eudora site (for qpopper) or even in the mod_ssl docs, I think.

Early in the rcpt acl add:

accept authenticated = *

and add the authentication configuration at the end of the conf file:

begin authenticators

plain:
   driver = plaintext
   public_name = PLAIN
   server_condition = "${if and {{!eq{$2}{}}{!eq{$3}{}} \
                           {crypteq{$3}{${extract{1}{:} \
{${lookup{$2}lsearch{/etc/passwd}{$value}{*:*}}}}}}}{1}{0}}"
   server_set_id = $2


[btw, why is this condition in double quotes?]
You need /etc/passwd to contain the passwords (!), on many systems
this is actually /etc/master.passwd, but it is not readable by exim.
So make a copy in a safe place and chown it so that it is readable.

I do not know how Mozilla behaves; Eudora had my root certificate
installed when I checked mail (secure pop). Or at least I think it
went that way.

You could probably even install the certificate in the browser using
a CGI on a web server. Look for loadCAcert.pl on the web.

I hope this helps.

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
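
The setup described in the message above, as an added example that is not part of the original post: the same PLAIN authenticator, offered only on TLS-protected connections and checked against a dedicated password file rather than a readable copy of the system password file. The path /path/to/smtp-passwd, its "user: hash" layout and the exim group name are assumptions.

```exim
# Main section (as in the message above).
tls_advertise_hosts = *
tls_certificate = /path/to/your/cert.pem

# Early in the rcpt ACL: relay only for clients that authenticated
# over an encrypted session. AUTH PLAIN sends the password merely
# base64-encoded, so without TLS it crosses the network readable.
accept  authenticated = *
        encrypted     = *

begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  # Do not offer AUTH PLAIN until STARTTLS has completed.
  # $tls_cipher is named $tls_in_cipher in later Exim releases.
  server_advertise_condition = ${if def:tls_cipher}
  # /path/to/smtp-passwd is a placeholder for a file that holds only
  # the mail users, one "user: crypted-password" entry per line,
  # e.g. owned by root, group exim (assumed group name), mode 0640.
  # Exim then never needs read access to the system password file.
  # An unknown user yields "*", which no crypted password can equal,
  # so the check fails closed.
  server_condition = ${if and {{!eq{$2}{}}{!eq{$3}{}} \
      {crypteq{$3}{${lookup{$2}lsearch{/path/to/smtp-passwd}{$value}{*}}}}} \
      {1}{0}}
  server_set_id = $2
```

Because the lookup value here is the hash itself, the `${extract{1}{:}...}` step from the original condition is not needed.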