Ah. Thank you so much. That's got it.
Please excuse my n00bness in all this. :)
Just as a quick follow up, is there a reason why the different clients were
hitting the different auth configs at all? Or is that just "we do it this way
because we want to"?
---
Drew Calcott
Linux System Administrator
Science IT
University of Auckland
(p) +64 9 373 7599 x84269
Eli Sand wrote:
> Drew wrote:
>
>> I assume there is something wrong with the auth definitions in
>> exim.conf...
>
> Notice that Thunderbird used the "plain" authenticator, and Outlook used the
> "login" authenticator. Also notice that your code you pasted had "begin
> authenticator" - you're missing an "s" at the end of that so it's "begin
> authenticators".
>
> Here is a very simple set of authenticators that are known to work with all
> email clients:
>
> begin authenticators
>
> plain_login:
> driver = plaintext
> public_name = PLAIN
> server_prompts = :
> server_condition = ${lookup {$auth2} lsearch {/etc/exim/auth}
> {${if eq {$value}{$auth3} {yes}{no}}}{no}}
> server_set_id = $auth2
>
> fixed_login:
> driver = plaintext
> public_name = LOGIN
> server_prompts = Username:: : Password::
> server_condition = ${lookup {$auth1} lsearch {/etc/exim/auth}
> {${if eq {$value}{$auth2} {yes}{no}}}{no}}
> server_set_id = $auth1
>
> Now, I know this isn't using pam to authenticate, but of more importance is
> the return values of the server_condition strings (there's mention of it in
> the exim docs too - if you don't do it right, you could expose a security
> hole that allows users to authenticate with no username or password. It
> happened to me and I was no exim newbie at the time!)
>
> If you're interested, the /etc/exim/auth file is a plaintext file of
> "username: password" lines, with the passwords in plain text. Also, our
> lines for everything but server_condition are the same, so if you have any
> problems, it's in your server_condition lines. Ah, in fact, looking at your
> code and output, it seems that for your "login" method, you haven't taken in
> to account that the parameter count is different in your server_condition
> line. Notice that *you* are using $auth2 and $auth3 in the same way for
> both login methods - but if you look at my examples, you see that the
> paramaters are different (with "login", $auth1 is the username, $auth2 is
> the password).
>
> So, I bet that's your problem - such a long reply for such a simple fix :)
> Try changing $auth2 to $auth1, and $auth3 to $auth2.
>
> Eli.
>
>
