[Exim] SASL authentication on Debian Sarge

Top Page
Delete this message
Reply to this message
Author: James Herschel
Date:  
To: exim-users
Subject: [Exim] SASL authentication on Debian Sarge
Howdy,

I've recently set up an Exim 4.3 on Debian Sarge. After wrapping my
head around the split-file configuration I was able to get SpamAssassin
and everything working.

What I'd like to do know is enable SMTP-AUTH through SASL as it allows
me to use /etc/passwd and will allow users to use the server remotely.

- sasld is running and I have added a test user to it
- I _believe_ I have enabled SASL authentication in the Exim4 configuration
- I _believe_ I have followed the README.SMTP-AUTH file correctly (very
short on details)

The problem is that I don't even get to the authentication stage. I
just get the message that "relaying is not permitted". To me, this says
that I need to enable something that says "it's ok to relay if someone
has authenticated, even if they're remote".

Is this assumption correct? If so, can anyone give me a Debian specific
example of which file to edit and what changes to make?

Thanks in advance!

James

Here's the authenticators section of my exim4.conf - I'll plead
ignorance here, i'm not sure what other sections would help. Please let
me know ...

begin authenticators

plain_saslauthd:
driver = plaintext
public_name = PLAIN
server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_set_id = $2
server_prompts = :

cram_md5:
driver = cram_md5
public_name = CRAM-MD5
client_name =
${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
client_secret =
${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}

plain:
  driver = plaintext
  public_name = PLAIN
  client_send = "${if !eq{$tls_cipher}{}{\
                     ^${extract{1}{::}\


{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
                     ^${extract{2}{::}\


{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
                   }fail}"


login:
  driver = plaintext
  public_name = LOGIN
  client_send = "${if !eq{$tls_cipher}{}{}fail}\
                 : ${extract{1}{::}\


{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
                 : ${extract{2}{::}\


{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"