Hi,
I am quite new to exim and I am trying to setup encryption + mysql authentication...
While the encryption seems to work, the authentication fails.
Here's what I added to my exim.conf (exim 4.63):
USERCHECK_PLAIN_QUERY = ${lookup mysql {SELECT password FROM emails WHERE login = '$2'} {$value}fail}}{1}{0}"
USERCHECK_LOGIN_QUERY = ${lookup mysql {SELECT password FROM emails WHERE login = '$1'} {$value}fail}}{1}{0}"
...
hide mysql_servers = localhost/accounts/exim/pass
...
tls_advertise_hosts = *
tls_certificate = /etc/pki/tls/certs/exim.pem
tls_privatekey = /etc/pki/tls/private/exim.pem
...
daemon_smtp_ports = 465
tls_on_connect_ports = 465
...
PLAIN:
driver = plaintext
server_set_id = $auth2
server_prompts = :
server_condition = ${if match{$3}{USERCHECK_PLAIN_QUERY}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }
LOGIN:
driver = plaintext
server_set_id = $auth1
server_prompts = <| Username: | Password:
server_condition = ${if match{$2}{USERCHECK_LOGIN_QUERY}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }
In my mysql 'emails' table, I have login='test' and password='pass'
And I get:
...
28487 search_open: mysql "NULL"
28487 cached open
28487 search_find: file="NULL"
28487 key="SELECT password FROM emails where login = 'test'" partial=-1 affix=NULL starflags=0
28487 LRU list:
28487 internal_search_find: file="NULL"
28487 type=mysql key="SELECT password FROM emails where login = 'test'"
28487 cached data used for lookup of SELECT password FROM emails where login = 'test'
28487 lookup yielded: pass
28487 LOGIN authenticator:
28487 $auth1 = test
28487 $auth2 = pass
28487 $1 = test
28487 $2 = pass
28487 expanded string: 0
28487 SMTP>> 535 Incorrect authentication data
28487 tls_do_write(830d528, 35)
28487 SSL_write(SSL, 830d528, 35)
28487 outbytes=35 error=0
28487 LOG: MAIN REJECT
28487 LOGIN authenticator failed for (pc-03.test) [127.0.0.1]: 535 Incorrect authentication data (set_id=test)
I also tested the cram-md5 driver (with an md5ed password) but it failed too, even with a correct 'lookup yielded: 1a1dc91c907325c69271ddf0c944bc72'...
Any idea/advice on how to fix it or make it better?
Also, if I select TLS in Thunderbird, it only allows port 25... is this normal?
Thx,
JD