Re: [exim] smtp authentification with exim

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Christian Schmidt
Date:  
À: exim-users
Sujet: Re: [exim] smtp authentification with exim
Hello rezeaux,

rezeaux, 20.01.2007 (d.m.y):

> Thank you. this is what i have put in my /etc/exim4/exim4.conf.template
> but my server still continues to relay messages sent by unknown users.
>
>  plain_server:
>    driver = plaintext
>    public_name = PLAIN
>    server_condition = "${if
> crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{/etc/passwd}{$value}{*:*}}}}}{1}{0}}"
>    server_set_id = $2
>    server_prompts = :
>    .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>    server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>    .endif
>  login_server:
>    driver = plaintext
>    public_name = LOGIN
>    server_prompts = "Username:: : Password::"
>    server_condition = "${if
> crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/passwd}{$value}{*:*}}}}}{1}{0}}"
>    server_set_id = $1
>    .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>    server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>    .endif


You query /etc/passwd for passwords, but today's UNIY-like operating
systems don't put any passwords in that file. They use /etc/shadow
instead.
But also when making aexim query /etc/shadow you'll probably run into
problems because only root should be allowed to read that file, and
making it readable for the user exim is running as isn't that goog,
either.

I'd recommend using something like saslauthd instead.

Gruss/Regards,
Christian Schmidt

-- 
Wer den Neid nicht ertragen kann, muß auch den Ruhm nicht wollen.
        -- Ernst Raupach