Re: [exim] Outlook, Exim and TLS.

Author: Eli Sand
Date:  
To: 'Drew Calcott', exim-users
Subject: Re: [exim] Outlook, Exim and TLS.
Drew wrote:

> I assume there is something wrong with the auth definitions in
> exim.conf...


Notice that Thunderbird used the "plain" authenticator, and Outlook used the
"login" authenticator. Also notice that the code you pasted had "begin
authenticator" - you're missing an "s" at the end of that so it's "begin
authenticators".

Here is a very simple set of authenticators that are known to work with all
email clients:

begin authenticators

# PLAIN: $auth1 = authorization id, $auth2 = username, $auth3 = password
plain_login:
        driver                  = plaintext
        public_name             = PLAIN
        server_prompts          = :
        server_condition        = ${lookup {$auth2} lsearch {/etc/exim/auth} \
                                  {${if eq {$value}{$auth3} {yes}{no}}}{no}}
        server_set_id           = $auth2


# LOGIN: $auth1 = username, $auth2 = password
fixed_login:
        driver                  = plaintext
        public_name             = LOGIN
        server_prompts          = Username:: : Password::
        server_condition        = ${lookup {$auth1} lsearch {/etc/exim/auth} \
                                  {${if eq {$value}{$auth2} {yes}{no}}}{no}}
        server_set_id           = $auth1


Now, I know this isn't using pam to authenticate, but of more importance is
the return values of the server_condition strings (there's mention of it in
the exim docs too - if you don't do it right, you could expose a security
hole that allows users to authenticate with no username or password. It
happened to me and I was no exim newbie at the time!)

If you're interested, the /etc/exim/auth file is a plaintext file of
"username: password" lines, with the passwords in plain text. Also, our
lines for everything but server_condition are the same, so if you have any
problems, it's in your server_condition lines. Ah, in fact, looking at your
code and output, it seems that for your "login" method, you haven't taken
into account that the parameter count is different in your server_condition
line. Notice that *you* are using $auth2 and $auth3 in the same way for
both login methods - but if you look at my examples, you see that the
parameters are different (with "login", $auth1 is the username, $auth2 is
the password).

So, I bet that's your problem - such a long reply for such a simple fix :)
Try changing $auth2 to $auth1, and $auth3 to $auth2.

Eli.
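
The variable mapping discussed in this message, as an added example that is not part of the original post or of Exim itself: a simplified Python model of the two server_condition strings, showing why reusing $auth2/$auth3 for LOGIN rejects valid credentials and that empty answers evaluate to "no". The sample auth file contents, user names and helper function names are constructed for illustration.

```python
import base64

# Constructed sample of /etc/exim/auth ("username: password" lines).
AUTH_FILE = "alice: s3cret\nbob: hunter2\n"

def lsearch(key, text):
    """Simplified model of an lsearch lookup: value of the first line whose
    key matches (keys compared case-insensitively), or None if no line does."""
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == key.lower():
            return value.strip()
    return None

def plain_vars(b64_blob):
    """AUTH PLAIN: one base64 string holding authzid NUL username NUL password."""
    fields = base64.b64decode(b64_blob).decode().split("\0")
    return dict(zip(("auth1", "auth2", "auth3"), fields + [""] * 3))

def login_vars(b64_user, b64_pass):
    """AUTH LOGIN: the two prompts are answered in order, username then password."""
    return {"auth1": base64.b64decode(b64_user).decode(),
            "auth2": base64.b64decode(b64_pass).decode(),
            "auth3": ""}

def server_condition(v, user_var, pass_var):
    """Model of ${lookup{$user}lsearch{file}{${if eq{$value}{$pass}{yes}{no}}}{no}}."""
    stored = lsearch(v[user_var], AUTH_FILE)
    if stored is None:          # lookup failed: the final {no} branch
        return "no"
    return "yes" if stored == v[pass_var] else "no"

def b64(s):
    return base64.b64encode(s.encode()).decode()

if __name__ == "__main__":
    plain = plain_vars(b64("\0alice\0s3cret"))
    login = login_vars(b64("alice"), b64("s3cret"))
    empty = login_vars(b64(""), b64(""))
    print("PLAIN with $auth2/$auth3:", server_condition(plain, "auth2", "auth3"))
    print("LOGIN with $auth1/$auth2:", server_condition(login, "auth1", "auth2"))
    # The misconfiguration: LOGIN has no $auth3, and $auth2 is the password.
    print("LOGIN with $auth2/$auth3:", server_condition(login, "auth2", "auth3"))
    print("LOGIN with empty answers:", server_condition(empty, "auth1", "auth2"))
```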