RE: [Exim] SMTP and authentication

Author: Rich
Date:  
To: exim-users
Subject: RE: [Exim] SMTP and authentication
I believe you also need a LOGIN authenticator, which is what Eudora and
some other clients seem to expect. Here are our two authenticators, but
we use LDAP for authentication:

#### AUTHENTICATION ####

begin authenticators

# Netscape needs PLAIN
fixed_plain:
    driver = plaintext
    public_name = PLAIN
    server_condition = ${if \
      ldapauth{user="uid=${quote_ldap:$2},ou=people,dc=ourdomain,dc=com" \
      pass="$3" ldap:///}{yes}{no}}
    server_set_id = $2


# Eudora, etc expect LOGIN
fixed_login:
    driver = plaintext
    public_name = LOGIN
    server_condition = ${if \
      ldapauth{user="uid=${quote_ldap:$1},ou=people,dc=ourdomain,dc=com" \
      pass="$2" ldap:///}{yes}{no}}
    server_set_id = $1


### END AUTHENTICATION ####

We defined ldap_default_servers in our general options, so we can just
use "ldap:///". Hope this helps someone.

Rich
richs@???

-----Original Message-----
From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On
Behalf Of Giuliano Gavazzi
Sent: Thursday, December 12, 2002 3:59 PM
To: Jonas Jacobsson; exim-users@???
Subject: Re: [Exim] SMTP and authentication


At 21:52 +0100 2002/12/12, Jonas Jacobsson wrote:
>Hi,
>
>How should I configure Exim if I want to be able to relay mail for
>authenticated users? How should the authentication block look like?
>
>I don't understand how it works. I've tried to read the docs, but it
>doesn't help me much.
>
>I'm trying to send mail from Mozilla via Exim SMTP server.


You should put this somewhere in your conf (for instance just before the
acl section):

tls_advertise_hosts = *
tls_certificate = /path/to/your/cert.pem

(this contains both server cert and key)
You can find the instructions to generate this either somewhere on the
eudora site (for qpopper) and even in the mod_ssl docs, I think.

Early in the rcpt acl add:

accept authenticated = *

and add the authentication configuration at the end of the conf file:

begin authenticators

plain:
   driver = plaintext
   public_name = PLAIN
   server_condition = "${if and {{!eq{$2}{}}{!eq{$3}{}} \
                           {crypteq{$3}{${extract{1}{:} \
{${lookup{$2}lsearch{/etc/passwd}{$value}{*:*}}}}}}}{1}{0}}"
   server_set_id = $2


[btw, why is this condition in double quotes?]
you need /etc/passwd to contain the passwords (!), on many systems this
is actually /etc/master.passwd, but it is not readable by exim. So make
a copy in a safe place and chown it so that it is readable.

I do not know how Mozilla behaves, Eudora had my root certificate
installed when I checked mail (secure pop). Or at least I think it went
that way.

You could probably even install the certificate in the browser using a
cgi on a web server. Look for loadCAcert.pl on the web.

I hope this helps.

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
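
Added example, not part of either post: a small Python decoder for the client side of an SMTP AUTH exchange. It shows why the PLAIN authenticators above test $2 and $3 while the LOGIN one tests $1 and $2, and that both mechanisms carry the password as base64 only, which is why TLS is set up alongside them. The user name "alice", the password "s3cret" and the function names are constructed for illustration.

```python
import base64
import binascii

def _b64(token):
    """Decode one base64 AUTH token; a lone '=' stands for the empty string."""
    if token == "=":
        return b""
    try:
        return base64.b64decode(token, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"bad base64 in AUTH data: {token!r}") from exc

def exim_auth_vars(client_lines):
    """Map the client's side of an AUTH exchange to Exim's $1, $2, $3.

    client_lines is the AUTH command plus any replies sent to 334 prompts.
    """
    parts = client_lines[0].split()
    if len(parts) < 2 or parts[0].upper() != "AUTH":
        raise ValueError("first line must be an AUTH command")
    mech = parts[1].upper()
    # Data may ride on the AUTH line (initial response) or arrive as replies.
    tokens = parts[2:3] + list(client_lines[1:])
    if mech == "PLAIN":
        # One message: authzid NUL authcid NUL password -> $1, $2, $3
        fields = _b64(tokens[0]).split(b"\0") if tokens else []
        if len(fields) != 3:
            raise ValueError("PLAIN needs three NUL-separated fields")
    elif mech == "LOGIN":
        # Two messages: user name -> $1, password -> $2
        fields = [_b64(t) for t in tokens[:2]]
        if len(fields) != 2:
            raise ValueError("LOGIN needs a user name and a password")
    else:
        raise ValueError(f"unsupported mechanism: {mech}")
    return {f"${i}": f.decode() for i, f in enumerate(fields, 1)}

# Constructed sample exchanges (user "alice", password "s3cret"), not captured traffic.
PLAIN_SESSION = ["AUTH PLAIN " + base64.b64encode(b"\0alice\0s3cret").decode()]
LOGIN_SESSION = ["AUTH LOGIN",
                 base64.b64encode(b"alice").decode(),
                 base64.b64encode(b"s3cret").decode()]

if __name__ == "__main__":
    print(exim_auth_vars(PLAIN_SESSION))  # authzid is empty, so $1 is ""
    print(exim_auth_vars(LOGIN_SESSION))
```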
