Re: [Exim] SASL authentication on Debian Sarge

Author: Tor Slettnes
Date:  
To: James Herschel
CC: exim-users
Subject: Re: [Exim] SASL authentication on Debian Sarge
On Thu, 2004-06-03 at 09:01, James Herschel wrote:
> What I'd like to do now is enable SMTP-AUTH through SASL as it allows
> me to use /etc/passwd and will allow users to use the server remotely.


Hmm, /etc/password is only used (indirectly) if you set your SASL
backend to something like "pam" or "shadow" (see "MECHANISMS" in
/etc/default/saslauthd).

If you plan on using a SASL password database (and maintain it by way of
the "saslpasswd2" command), you should set this mechanism to "sasldb".
This may be preferable in a setting where you use Cyrus, and/or don't
want local UNIX accounts for every mail user.

> The problem is that I don't even get to the authentication stage. I
> just get the message that "relaying is not permitted". To me, this says
> that I need to enable something that says "it's ok to relay if someone
> has authenticated, even if they're remote".


Your SMTP client (i.e. Outlook Express, Mail.app, Evolution...) needs
to be configured to do authentication.


> Is this assumption correct? If so, can anyone give me a Debian specific
> example of which file to edit and what changes to make?


I use a SASL database for passwords, and so have in
/etc/default/saslauthd:

START=yes
MECHANISMS="sasldb"


> begin authenticators
>
> plain_saslauthd:
>    driver = plaintext
>    public_name = PLAIN
>    server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
>    server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
>    server_set_id = $2
>    server_prompts = :


This looks fine. You may also need a "LOGIN" authenticator for some
SMTP clients (e.g. Apple Mail):

login_saslauthd:
   driver = plaintext
   public_name = LOGIN
   # don't send system passwords over unencrypted connections
   server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
   server_prompts = "Username:: : Password::"
   server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
   server_set_id = $1


-tor
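
Why the two authenticators above hand different variables to saslauthd ($2/$3 for PLAIN, $1/$2 for LOGIN), as an added example that is not part of the original post. It decodes what each mechanism puts on the wire; the credentials are constructed samples, and split_exim_list is a simplified model of Exim's colon-separated list syntax, not Exim's own parser.

```python
import base64

def split_exim_list(value):
    """Simplified model of an Exim list: ':' separates items, '::' is a
    literal colon, whitespace around each item is ignored."""
    marker = "\x00"
    items = value.replace("::", marker).split(":")
    return [item.strip().replace(marker, ":") for item in items]

def login_challenges(server_prompts):
    """The '334 <base64>' lines a LOGIN client receives, one per prompt."""
    return ["334 " + base64.b64encode(p.encode()).decode()
            for p in split_exim_list(server_prompts)]

def plain_fields(response_b64):
    """PLAIN (RFC 4616): a single response 'authzid NUL authcid NUL passwd',
    which the plaintext driver exposes as $1, $2, $3."""
    fields = base64.b64decode(response_b64, validate=True).split(b"\0")
    if len(fields) != 3:
        raise ValueError("PLAIN needs exactly three NUL-separated fields")
    return {"$%d" % n: f.decode() for n, f in enumerate(fields, 1)}

def login_fields(responses_b64):
    """LOGIN: one response per prompt, exposed as $1 (user) and $2 (password)."""
    if len(responses_b64) != 2:
        raise ValueError("LOGIN needs one response per prompt")
    return {"$%d" % n: base64.b64decode(r, validate=True).decode()
            for n, r in enumerate(responses_b64, 1)}

def saslauthd_args(mechanism, fields):
    """The (user, password) pair each server_condition passes to saslauthd."""
    user, password = ("$2", "$3") if mechanism == "PLAIN" else ("$1", "$2")
    return fields[user], fields[password]

# Constructed sample credentials: user "alice", password "s3cret".
PLAIN_SAMPLE = base64.b64encode(b"\0alice\0s3cret").decode()
LOGIN_SAMPLE = [base64.b64encode(b"alice").decode(),
                base64.b64encode(b"s3cret").decode()]

if __name__ == "__main__":
    print(login_challenges("Username:: : Password::"))
    print(saslauthd_args("PLAIN", plain_fields(PLAIN_SAMPLE)))
    print(saslauthd_args("LOGIN", login_fields(LOGIN_SAMPLE)))
```

Both mechanisms carry the password as plain base64, which anyone on the path can decode; that is why both authenticators are only advertised when $tls_cipher is non-empty.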