Hi everyone,
I am trying to get a simple authenticator working with exim so
the user outside the domain can be allowed to relay emails.
Simple enough there were 10s of examples in this list and on the
web. But apparently I am missing something. :( Exim 4.43 has been
compiled with correct flags. Below is all the related config files and
some debuging info.
here. The user will be using Outlook or Outlook Express to send and
recieve mail. The auth password file is in format user:password and or user
password
Any hint is appriciated on what I am doing wrong
tls_certificate = /usr/exim/cert
tls_privatekey = /usr/exim/key
tls_advertise_hosts = *
auth_advertise_hosts = *
queue_list_requires_admin = false
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_auth = acl_check_auth
acl_smtp_data = acl_check_content
#############
begin acl
acl_check_auth:
accept encrypted = *
deny message = TLS encryption required
acl_check_rcpt:
accept hosts = :
deny local_parts = ^.*[@%!/|]
accept local_parts = postmaster
domains = +local_domains
require verify = sender
accept authenticated = *
...
#############
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_condition = \
${if
eq{$3}{${lookup{$2}lsearch{/etc/smtpauth.conf}{$value}}}{1}{0}}
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = \
${if eq{$2}{${lookup{$1}lsearch{/etc/smtpauth.conf}{$value}}}{1}{0}}
server_set_id = $1
fixed_cram:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup{$1}lsearch{/etc/smtpauth.conf}{$value}fail}
server_set_id = $1
DEBUG:
/usr/exim/bin/exim -bh 127.0.0.1
**** SMTP testing session as if from host 127.0.0.1
**** but without any ident (RFC 1413) callback.
**** This is not for real!
>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for 127.0.0.1
>>> IP address lookup yielded localhost
>>> gethostbyname looked up these IP addresses:
>>> name=localhost.localdomain address=127.0.0.1
>>> checking addresses for localhost
>>> 127.0.0.1 OK
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (end of list)
220 dmz.spi.local ESMTP Exim 4.43 Wed, 22 Dec 2004 23:50:29 -0800 ehlo DMZ
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")
>>> host in tls_advertise_hosts? yes (matched "*")
250-dmz.spi.local Hello localhost [127.0.0.1]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN CRAM-MD5
250-STARTTLS
250 HELP
AUTH LOGIN AHNwaWF1dGgAc3BpNzY3c3RyZWFt
>>> using ACL "acl_check_auth"
>>> processing "accept"
>>> check encrypted = *
>>> accept: condition test failed
>>> processing "deny"
>>> deny: condition test succeeded
503 TLS encryption required
LOG: H=localhost (DMZ) [127.0.0.1] rejected AUTH LOGIN
AHNwaWF1dGgAc3BpNzY3c3RyZWFt: TLS encryption required accept: condition test
failed
Thanks
Farhad Shakeri