Greetings
Thank you for an EXCELLENT HOWTO. Before I try to re-invent the
wheel, has anyone got this working using a MySQL solution where the user
parameters are kept in the database?
Regards
Michael L Griffin
> -----Original Message-----
> From: Ron McKeating [mailto:R.J.Mckeating@lboro.ac.uk]
> Sent: 15 December 2004 19:03
> To: Exim-Users (E-mail)
> Cc: Alec Edworthy; isss@???
> Subject: [exim] SMTP Authentication out of the box
>
> For those of you who wanted to know what the solution was here is a
> detailed note for your info. This will allow you to do authenticated
> smtp over ssl with the standard exim just using pam.
>
> Exim 4.x
> courier imap
>
> Compiling exim
> The following settings need to be set
>
> AUTH_PLAINTEXT=yes
> SUPPORT_TLS=yes
> TLS_LIBS=-lssl -lcrypto
> TLS_LIBS=-L/usr/local/openssl/lib -lssl
> TLS_INCLUDE=-I/usr/local/openssl/include/
> SUPPORT_PAM=yes
> EXTRALIBS=-lpam
> ----------------------------
>
> In the exim config file
> tls_advertise_hosts = *
> tls_certificate = /usr/lib/courier-imap/share/imapd.pem
> (note I am using the certificate that courier installs for itself)
> auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
> (This means only connections over ssl will be offered authentication)
>
> begin authenticators
>
> plain:
> driver = plaintext
> public_name = PLAIN
> server_prompts = :
> server_condition = "${if pam{$2:$3}{1}{0}}"
> server_set_id = $2
>
> login:
> driver = plaintext
> public_name = LOGIN
> server_prompts = "Username:: : Password::"
> server_condition = "${if pam{$1:$2}{1}{0}}"
> server_set_id = $1
> -------------------------------
> Also I have exim run as group exim this group needs read access on
>
> /etc/shadow
> /usr/lib/courier-imap/share/imapd.pem
> (this is the certificate file, (again) one that courier imap creates)
>
> /etc/pam.d/exim (this is really important or you will get the error
> 535 Incorrect authentication data (set_id=ron)
>
> -------------------------------
>
> contents of /etc/pam.d/exim
>
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so
> likeauth nullok
>
> auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so
>
> password required /lib/security/$ISA/pam_cracklib.so retry=3
> type=
> password sufficient /lib/security/$ISA/pam_unix.so nullok
> use_authtok md5shadow
>
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_unix.so
>
> --------------------------
>
> With the above we are able to do authenticated smtp using standard out
> of the box exim and the standard pam modules that come with linux.
> So no need for sassl authd or pam_exim or anything else, it all just
> works.
>
> Hope this is cluefull to those of you trying to do the same.
>
> Ron
>
> Ron McKeating
> Senior IT Services Specialist
> Internet Services and Software Solutions
> Loughborough University
> 01509 222329
>
>
> --
> ## List details at
> http://www.exim.org/mailman/listinfo/exim-users Exim details
> at http://www.exim.org/ ##
>