Re: [exim] smtp authentification with exim

Author: Christian Schmidt
Date:  
To: exim-users
Subject: Re: [exim] smtp authentification with exim
Hello rezeaux,

rezeaux, 20.01.2007 (d.m.y):

> Thank you. this is what i have put in my /etc/exim4/exim4.conf.template
> but my server still continues to relay messages sent by unknown users.
>
>  plain_server:
>    driver = plaintext
>    public_name = PLAIN
>    server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{/etc/passwd}{$value}{*:*}}}}}{1}{0}}"
>    server_set_id = $2
>    server_prompts = :
>    .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>    server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>    .endif
>  login_server:
>    driver = plaintext
>    public_name = LOGIN
>    server_prompts = "Username:: : Password::"
>    server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/passwd}{$value}{*:*}}}}}{1}{0}}"
>    server_set_id = $1
>    .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>    server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>    .endif


You query /etc/passwd for passwords, but today's UNIX-like operating
systems don't put any passwords in that file. They use /etc/shadow
instead.
But also when making exim query /etc/shadow you'll probably run into
problems because only root should be allowed to read that file, and
making it readable for the user exim is running as isn't that good,
either.

I'd recommend using something like saslauthd instead.

Gruss/Regards,
Christian Schmidt

-- 
Whoever cannot bear envy must not want fame either.
        -- Ernst Raupach
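
The saslauthd approach recommended in the reply, sketched as an added example that is not part of the original message: the two quoted authenticators rewritten so that the root-owned saslauthd daemon checks the password and Exim never reads /etc/passwd or /etc/shadow itself. The authenticator names, the saslauthd mechanism and the Debian group membership mentioned in the comments are assumptions.

```exim
# Added example, not from the original message.
# Assumptions: Exim was built with saslauthd support, saslauthd is running
# with a mechanism that can verify system passwords (for example
# "saslauthd -a pam" or "saslauthd -a shadow"), and the user Exim runs as may
# open the saslauthd socket (on Debian: Debian-exim is in the "sasl" group).

plain_saslauthd_server:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # $2 = user name, $3 = password, as in the quoted PLAIN authenticator.
  # saslauthd{{user}{secret}} is true only if the daemon accepts the pair.
  server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
  server_set_id = $2
  # Unchanged from the quoted config: offer AUTH only on TLS connections.
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

login_saslauthd_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # $1 = user name, $2 = password, as in the quoted LOGIN authenticator.
  server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
  server_set_id = $1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif
```

With this layout /etc/shadow stays readable by root only, and the Exim user needs nothing beyond access to the saslauthd socket.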