Re: [Exim] SMTP auth

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Giuliano Gavazzi
Ημερομηνία:  
Προς: pelle, exim-users
Αντικείμενο: Re: [Exim] SMTP auth
At 11:54 +0100 2002/12/19, pelle wrote:
>This is a multi-part message in MIME format.
>--
>[ Picked text/plain from multipart/alternative ]


I can see you use overlook..

>Hello.
>I want to make all connections on our outgoing smtp server to
>authenticate first with SMTP auth.
>All our clients use outlook (express, 2000, xp...)
>Is there someone out there who can tell me if this configuration
>will work (or how to fix it)
>configure file below, just some areas that I'm not sure on how they work.
>We store usernames and passwords in mysql.
>I've compiled exim with both mysql support and auth support.
>Do I need to change the ACL section? do I need both acl_smtp_rcpt
>and acl_smtp_auth when I only want to accept authenticated
>connections?


you do not need acl_smtp_auth. You might want to use it so that
plain/login auth over non ssl connections are refused (just an after
the fact safety measure, but at least you know when a client is
wrongly configured).

>I really have not done much with exim so please don't laugh:) I
>probably got all very wrong.:)


I will only laugh if you say something funny.

>Note that i did not submit entire configuration file.....everything
>else is pretty straightforward stuff..
>
>###main##
>
>domainlist local_domains = "foo.bar.net:\
>mysql;select distinct domain from mail where domain='$domain'"
>
>
>acl_smtp_rcpt = acl_check_rcpt
>acl_smtp_auth = acl_check_auth


why do you declare acl_smtp_auth and do not define it (below)?

>###ACL section###
>begin acl
>
>acl_check_rcpt:
>accept authenticated = *


this is good.

>accept  hosts = :
>deny    local_parts   = ^.*[@%!/|]
>accept  local_parts   = postmaster
>domains       = +local_domains
>require verify        = sender
>accept  domains       = +local_domains
>           endpass
>           message       = unknown user
>           verify        = recipient
>  accept  domains       = +relay_to_domains
>           endpass
>           message       = unrouteable address
>           verify        = recipient
>accept  hosts         = +relay_from_hosts
>  deny    message       = relay not permitted

>


haven't checked the above.

>#####AUTHENTICATION CONFIGURATION ##########
>
>begin authenticators
>acl_check_auth:
>
>login:
>         driver = plaintext
>         public_name = LOGIN
>         server_condition = ${lookup mysql{select password from users
>where username = '${local_part:$1}'}}}{1}{0}}
>         server_set_id=$1

>
>plain:
>         driver = plaintext
>         public_name = PLAIN
>         server_condition = ${lookup mysql{select password from users
>where username = '${local_part:$1}'}}}{1}{0}}
>         server_set_id=$1

>
>
># End



I now see where the acl_check_auth has gone (not that yours is an
acl)... This is not an authentication configuration, so you will not
authenticate anything!
You haven't read the many messages on SMTP AUTH of the last few days,
have you...

I will not translate my lookup but you want something like:

begin authenticators

plain:
   driver = plaintext
   public_name = PLAIN
   server_condition = "${if and {{!eq{$2}{}}{!eq{$3}{}}\
                           {crypteq{$3}{${lookup netinfo {. /users/$2
passwd 0} {$value}{*}}}}}{1}{0}}"




login:
   driver = plaintext
   public_name = LOGIN
   server_prompts = "Username:: : Password::"
   server_condition = "${if and {{!eq{$1}{}}{!eq{$2}{}} \
                           {crypteq{$2}{\
${lookup netinfo {-t localhost/local /users/$1 passwd 0} \
        {$value}{*}}}}}}{1}{0}}"



your have just to rewrite my '${lookup netinfo' with your '${lookup
mysql' taking into account that the username in plain is $2 while it
is $1 in login.

If you still have trouble you might want to try to disable one of the
two methods and see.

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/