Re: [Exim] Exim 4.10 on OS X Server - Relay Problems

Author: Giuliano Gavazzi
Date:  
To: dave, exim-users
Subject: Re: [Exim] Exim 4.10 on OS X Server - Relay Problems
I think there's a problem with your authenticators configuration.

At 1:32 -0800 2003/01/01, <dave@???> wrote:
[...]
>######################################################################
>#                   AUTHENTICATION CONFIGURATION                     #
>######################################################################

>
># There are no authenticator specifications in this default configuration
>file.
>
>begin authenticators
>fixed_plain:
>    driver = plaintext
>    public_name = PLAIN
>    server_condition = ${if crypteq{$3}
>{${extract{1}{:}{${lookup{$2}lsearch{/etc/relayers}{$value}}}}}{yes}{no}
>    server_set_id = $2


The PLAIN you defined presumes that /etc/relayers is in the format:

username:password:...
where the password is encrypted. In MacOSX passwords are usually
stored in NetInfo, so I guess you must have done nidump passwd . >
/etc/relayers.
This is inconvenient as you must dump the passwd format every time
you add a user.

>fixed_cram:
>    driver = cram_md5
>    public_name= CRAM-MD5
>    server_secret = ${lookup{$1}lsearch{/etc/relayers}{$value}{fail}}
>    server_set_id = $1


CRAM-MD5 as far as I know expects the password in clear in the
server_secret, so here /etc/relayers is of the form:

username    password


where the password is in clear.

>login:
>    driver = plaintext
>    public_name = LOGIN
>    server_prompts = "Username:: : Password::"
>    server_condition = ${if
>eq{$2}{${lookup{$1}lsearch{/etc/relayers}{$value}{no}}}{yes}{no}}
>    server_set_id = $1


You have LOGIN defined in a way that is consistent with the CRAM-MD5 above.

Both CRAM-MD5 and LOGIN above are not very useful: there is no way
for a user to change password and passwords are stored in clear.
Since most email programs use the same username/password settings for
sending and checking email, you will have to find a way to have the
pop3 and imap4 server use those.

A solution would be to query netinfo directly instead of using
lsearch. I have written a netinfo lookup function that I use
regularly on my server. For two reasons I have not yet sent Philip
the source.
First, because I am not yet sure how to deal with the Apple open
source license as I have taken inspiration from their niutil code.
Second, because it does not work well with a custom lookupd
configuration: one that looks not only in NetInfo for users would
indeed be incompatible with a NetInfo-only lookup.
In a way the netinfo lookup might be more appropriate to store other
data like virtual domains/ aliases/ blacklisted users/domains etc. I
have still to add a create and delete functionality to make that
possible.

What I find strange is that exim has no built-in getpwnam
functionality. Isn't that a feasible way to access passwords on any
Unix-like system, or do PAM and other methods break it?

Finally you might be able to use PAM on MacOSX, all the files seem to
be there.


Giuliano

># End of Exim configuration file
>
>Any help is appreciated.
>
>Thanks in advance,
>
>Dave



--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
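
The file-format mismatch described in the message above, as an added example that is not part of the original post: the same /etc/relayers cannot serve both the crypteq-based PLAIN authenticator and CRAM-MD5, because CRAM-MD5 keys an HMAC with the clear-text password. The file contents and function names are constructed for illustration, the lsearch parser is a simplification, and the challenge, user and secret are the example values from RFC 2195.

```python
import hashlib
import hmac
import re

# Values from the worked example in RFC 2195 (CRAM-MD5).
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
USER, PASSWORD = "tim", "tanstaaftanstaaf"

# Constructed sample contents for /etc/relayers in the two layouts.
PASSWD_STYLE = "tim:PLACEHOLDERHASH:501:20::0:0:Tim:/Users/tim:/bin/sh\n"
CLEAR_STYLE = "tim    tanstaaftanstaaf\n"


def lsearch(key, text):
    """Simplified lsearch: the key ends at a colon or white space,
    the rest of the line is the data."""
    for line in text.splitlines():
        m = re.match(r"([^\s:#][^\s:]*)\s*:?\s*(.*)$", line)
        if m and m.group(1) == key:
            return m.group(2).rstrip()
    return None


def plain_hash_field(user, text):
    """What ${extract{1}{:}{...}} hands to crypteq in fixed_plain."""
    value = lsearch(user, text)
    return None if value is None else value.split(":")[0]


def cram_md5_response(user, password, challenge):
    """Client side: user name plus hex HMAC-MD5 keyed with the password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}"


def cram_md5_verify(response, challenge, relayers_text):
    """Server side: needs the same key, i.e. the clear-text password."""
    user, _, digest = response.rpartition(" ")
    secret = lsearch(user, relayers_text)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    resp = cram_md5_response(USER, PASSWORD, CHALLENGE)
    print(resp)
    print("clear-text file :", cram_md5_verify(resp, CHALLENGE, CLEAR_STYLE))
    print("passwd-style file:", cram_md5_verify(resp, CHALLENGE, PASSWD_STYLE))
```

With the passwd-style file the server keys the HMAC with the hash and trailing fields, so a correct client response is rejected; with the clear-text file the first colon-separated field is the password itself, which crypteq would treat as a hash.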