For those of you who wanted to know what the solution was here is a
detailed note for your info. This will allow you to do authenticated
smtp over ssl with the standard exim just using pam.
Exim 4.x
courier imap
Compiling exim
The following settings need to be set
AUTH_PLAINTEXT=yes
SUPPORT_TLS=yes
TLS_LIBS=-lssl -lcrypto
TLS_LIBS=-L/usr/local/openssl/lib -lssl
TLS_INCLUDE=-I/usr/local/openssl/include/
SUPPORT_PAM=yes
EXTRALIBS=-lpam
----------------------------
In the exim config file
tls_advertise_hosts = *
tls_certificate = /usr/lib/courier-imap/share/imapd.pem
(note I am using the certificate that courier installs for itself)
auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
(This means only connections over ssl will be offered authentication)
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = "${if pam{$2:$3}{1}{0}}"
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if pam{$1:$2}{1}{0}}"
server_set_id = $1
-------------------------------
Also I have exim run as group exim this group needs read access on
/etc/shadow
/usr/lib/courier-imap/share/imapd.pem
(this is the certificate file, (again) one that courier imap creates)
/etc/pam.d/exim (this is really important or you will get the error
535 Incorrect authentication data (set_id=ron)
-------------------------------
contents of /etc/pam.d/exim
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so retry=3
type=
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
--------------------------
With the above we are able to do authenticated smtp using standard out
of the box exim and the standard pam modules that come with linux.
So no need for sassl authd or pam_exim or anything else, it all just
works.
Hope this is cluefull to those of you trying to do the same.
Ron
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329