RE: [Exim] Setting up AUTH PLAIN and AUTH LOGIN

Author: Jeff Breitner
Date:  
To: 'Rus Foster', exim-users
Subject: RE: [Exim] Setting up AUTH PLAIN and AUTH LOGIN
> -----Original Message-----
> From: exim-users-admin@???
> [mailto:exim-users-admin@exim.org] On Behalf Of Rus Foster
> Sent: Thursday, February 27, 2003 6:29 AM
> To: exim-users@???
> Subject: [Exim] Setting up AUTH PLAIN and AUTH LOGIN
>
>
> Hi All,
> Does anyone have a nice easy HOWTO on setting up AUTH PLAIN
> and AUTH LOGIN. I've been googling and TBH am getting myself
> more and more confused. I'm running exim 4.12
>



It's actually nicer in 4.x.

In all the examples I've seen, it's handled in the acl_smtp_rcpt ACL.
Be sure to check the kit of many config examples for Exim 4.0; it's very
useful. Here's what mine looks like:

begin acl

check_recipient:

   deny    message = host is listed in $dnslist_domain
           dnslists = relays.ordb.org:sbl.spamhaus.org
   accept  hosts = +relay_hosts
   accept  authenticated = *
   require verify = recipient
   require verify = sender
   accept  domains = +local_domains
   deny    message = We do not relay.


The "accept authenticated" will then require it to use the
authentication handlers. So way down at the bottom of your config
file should be your authenticators. Keep in mind that this probably
won't work by plugging it straight in (I can think of one reason -- my
domains file is in the format of <domain>\tauth or <domain>\tno to
enable/deny smtp_auth), but should get you started on showing how I
authenticate based upon authorized domains and then against a typical
user:password file. FWIW, this took a while to tweak and get working
correctly. I eventually started using the lint checking in my MS Dev
system to make sure I wasn't missing {} before testing.




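begin authenticators

# In both server_condition strings the archived copy is damaged right after
# "${extract{1}{$"; restore that argument and rebalance the braces before use.

plain:
driver = plaintext
public_name = PLAIN
# AUTH PLAIN data is authzid NUL authcid NUL password, so the login name
# arrives in $2 and the password in $3 ($1 is the usually empty authzid).
server_condition = "${if and \
    {{eq{${lookup{${domain:$2}}lsearch{/etc/exim/domains}}}{auth}}\
    {crypteq{$3}{${extract{1}{$\
    ${lookup{${local_part:$2}}lsearch{/developerschoice.net/smtp_auth/users}{$value}}}}}}} \
    {yes}{no}}"
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
# AUTH LOGIN answers one prompt at a time: $1 is the username, $2 the password.
server_condition = "${if and \
    {{eq{${lookup{${domain:$1}}lsearch{/etc/exim/domains}}}{auth}}\
    {crypteq{$2}{${extract{1}{$\
    ${lookup{${local_part:$1}}lsearch{/developerschoice.net/smtp_auth/users}{$value}}}}}}} \
    {yes}{no}}"
server_set_id = $1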



This probably is far from working in anything but plaintext and login
formats. I am thinking CRAM and other methods will require far more
reworking than I'd care to deal with. And in my opinion, if you're
worried about password sniffing on the network, enable SSL/TLS and use
plaintext and login.
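
What the two mechanisms discussed above put on the wire, and which numbered string ($1, $2, ...) each field becomes for Exim's plaintext driver, shown as an added example that is not part of the original message. The function names and sample credentials are constructed for illustration. Decoding needs no key, which is why the advice to run PLAIN and LOGIN over SSL/TLS matters.

```python
import base64
import binascii
from typing import Dict, List


def b64(data: str) -> bytes:
    """Strictly decode one base64 SMTP AUTH argument ('=' alone means empty)."""
    if data == "=":
        return b""
    try:
        return base64.b64decode(data, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"malformed base64 in AUTH data: {data!r}") from exc


def plain_fields(initial_response: str) -> List[str]:
    """AUTH PLAIN: one blob, NUL-separated -> [authzid, authcid, password]."""
    parts = b64(initial_response).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN needs authzid NUL authcid NUL password")
    return [p.decode("utf-8") for p in parts]


def login_fields(replies: List[str]) -> List[str]:
    """AUTH LOGIN: one base64 reply per server prompt -> [username, password]."""
    if len(replies) != 2:
        raise ValueError("LOGIN expects one reply per prompt")
    return [b64(r).decode("utf-8") for r in replies]


def numbered(fields: List[str]) -> Dict[str, str]:
    """Label the strings the way a server_condition expansion sees them."""
    return {f"${i}": value for i, value in enumerate(fields, start=1)}


# Constructed sample credentials, encoded the way a client would send them.
PLAIN_BLOB = base64.b64encode(b"\x00jo@example.test\x00s3cret").decode()
LOGIN_REPLIES = [base64.b64encode(s).decode()
                 for s in (b"jo@example.test", b"s3cret")]

if __name__ == "__main__":
    print("AUTH PLAIN", PLAIN_BLOB, "->", numbered(plain_fields(PLAIN_BLOB)))
    print("AUTH LOGIN", LOGIN_REPLIES, "->", numbered(login_fields(LOGIN_REPLIES)))
```

For PLAIN the login name lands in $2 and the password in $3, while for LOGIN they are $1 and $2, so the two authenticators cannot share one condition string unchanged.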