Re: [Exim] authenticator config problems (newbie)

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Tim Jackson
Date:  
À: exim-users
Sujet: Re: [Exim] authenticator config problems (newbie)
Hi Nikita, on Thu, 15 Apr 2004 10:53:43 -0700 you wrote:

> when i try
> to *send* an e-mail using mozilla and mua tries to connect to smtp
> (port 465) server (ie my exim server), it is asked for a password,
> which is always rejected.

<snip>
> fixed_plain:
>   driver = plaintext
>   public_name = PLAIN
>   server_prompts = :
>   server_condition = \
>     ${if and {{eq{$2}{ph10}}{eq{$3}{secret}}}{yes}{no}}
>   server_set_id = $2


Heh. This is cut-n-pasted from the manual, and is purely intended as an
example. It uses "ph10" and "secret" as the hardcoded username/password
respectively.

(Note to Philip: I have to say that although "ph10" is obviously a
username to you, I think it certainly has the potential for confusion by
new users, by looking like some cryptic part of the expression: perhaps
the above example could be clarified by using "example_username" and
"example_password" for the hardcoded user/pass respectively?)

What you need to do is replace that example condition with something that
looks up the password in a database of some kind (which could be a text
file, DBM file, SQL database, LDAP or whatever). It's entirely up to you
which method it uses to authenticate. Here's a simple example, using
CRAM-MD5, which looks up passwords from a text file
/etc/exim/smtpauth.conf (in the text file, have things like "foo: bar" to
assign the password "bar" to the username "foo"):

cram:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup{$1}lsearch{/etc/exim/smtpauth.conf}{$value}fai
l}
server_set_id = $1

However, in general, the cryptic-looking stuff contained in these
"lookup"/"server_secret" parameters is something that permeates Exim: it
has some basic concepts like conditions, file/database lookups, and string
expansions, which permeate the whole system and are used repeatedly in the
config. Whilst they can be a bit daunting, it's worth taking the time to
read the book about how to use them, because once you crack them, you
start to really realise (and unlock) the power of Exim.

By way of example, the example above is a slightly atypical example of a
string expansion, being slightly specific to SMTP AUTH, but nevertheless
to give you an idea what I'm talking about, the "server_secret" line above
translates approximately to the following (breaking the line down into
parts, left to right):

${         = expand the following...


lookup{$1} = look up whatever is in variable $1 (username in this case) in
             a database of some kind


lsearch    = the "database" is a text file to be searched linearly


{/etc/exim/smtpauth.conf} = this is the file to search

{$value}   = return the contents of the variable $value (result of the
         search) if it succeeds


fail       = the whole expansion fails if the search fails (which in this
             case will correctly mean the login attempt is rejected)


}          = end of expansion



Basically, if you can grasp the format, you're away: with modifications,
you can apply it to look up pretty much anything in pretty much any kind
of database/text file, and do something with the result. This can be used
in an infinite number of ways, from constructing lists of hostnames to
block, to lists of valid usernames/passwords or many other weird and
wonderful things, of which there are many examples in the archives of this
list.


Tim