Re: [exim] Why doesn't Exim authenticate against IMAP direct…

Author: Lanny Jason Godsey
Date:  
To: Marc Perkel
CC: exim-users
Subject: Re: [exim] Why doesn't Exim authenticate against IMAP directly?

If you're going to go through the trouble of making an IMAP
authenticator, maybe this will give you some help.

First, the reason I think it's a bad idea is that it adds complexity,
and isn't a standard practice.

That said, I'd look into setting up perdition to use as an IMAP proxy
which has its own rules for which backend server to send requests for
authentication. Perdition will also auto append, strip domains etc.

Second, I'd use the power of Exim's embedded perl and make something
with Imap::Simple

perl_startup = do '/etc/exim/perl.pl'

*** contents of /etc/exim/perl.pl ***
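#!/usr/bin/perl

use strict;
use warnings;
use Net::IMAP::Simple;

sub imapLogin {
    my $account  = shift;
    my $password = shift;

    # open a connection to the IMAP server (run Perdition on localhost);
    # if the connection fails, treat it as an authentication failure
    my $server = Net::IMAP::Simple->new('127.0.0.1')
        or return 0;

    # login: keep the result so the connection can be shut down before returning
    my $ok = $server->login( $account, $password ) ? 1 : 0;

    # log out and drop the connection (close() would only unselect a mailbox)
    $server->quit();

    # 1 on success, 0 on failure
    return $ok;
}

# a file loaded with "do" should end with a true value
1;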

*** end perl.pl ***

then for authenticators something like:

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if eq{${perl{imapLogin}{$1}{$2}}}{1}{yes}{no}}"
server_set_id = $1

Now, I'm not a perl monk or exim wizard, but I think the general idea
is sound.

I hope someone with more knowledge will reply to this and give any
pointers just so the mail archive is complete.

--- Marc Perkel <marc@???> wrote:

> Maybe I'm missing something about why this won't work but it seems to
> me like it would be a good feature.
>
> I am currently using Cyrus SASL to do Exim SMTP authentication. It's
> configured to do an IMAP call so anyone who has an IMAP account can
> use their IMAP login name and password to send email through Exim.
>
> So - why use SASL? Why not have Exim talk directly to the IMAP port
> and attempt to authenticate? If it succeeds then it lets the user send
> email. Seems simple enough - so why wouldn't this be as easy as I
> think it is?
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>
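
Added example, not part of the original message or of Exim's own documentation: the LOGIN authenticator shown in the message is advertised on every connection, so the IMAP password can cross the network in cleartext; this fragment offers PLAIN and LOGIN only once the SMTP session is encrypted. It assumes the imapLogin sub from /etc/exim/perl.pl is loaded via perl_startup, that TLS is already configured in the main section, and an Exim release that provides $tls_in_cipher and $auth1..$auth3 (older releases use $tls_cipher and $1..$3).

```exim
# Added example: TLS-gated variants of the authenticator from the message.
# Assumption: imapLogin returns 1 on success and 0 on failure.

begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  # do not advertise AUTH until the session is encrypted
  server_advertise_condition = ${if def:tls_in_cipher}
  server_prompts = :
  # PLAIN sends authzid, login and password: login is $auth2, password is $auth3
  server_condition = ${if eq{${perl{imapLogin}{$auth2}{$auth3}}}{1}{yes}{no}}
  server_set_id = $auth2

login:
  driver = plaintext
  public_name = LOGIN
  # same gate as above: LOGIN is only offered after STARTTLS
  server_advertise_condition = ${if def:tls_in_cipher}
  server_prompts = "Username:: : Password::"
  # LOGIN prompts for login ($auth1) and then password ($auth2)
  server_condition = ${if eq{${perl{imapLogin}{$auth1}{$auth2}}}{1}{yes}{no}}
  server_set_id = $auth1
```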