Re: [exim] Configuring Exim as an SMTP AUTH client only

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Dan
Date:  
À: exim-users
Sujet: Re: [exim] Configuring Exim as an SMTP AUTH client only
Thanks, Phil. I tried your suggestion but still no luck - the config
file that came with the version of Exim I'm using had 'client_auth'
instead of 'auth_cram' but I tried both.

Allow me to post some output in case anyone can spot something out of
the ordinary. Below is the output of my telnet connection to my ISPs
mail relay, the output of "exim -bV", the output of my telnet connection
to my own Exim instance, and my exim.conf file. Names & IPs used for
obfuscation: myhost, mydomain.org, isp-relay.org, 1.2.3.4, 2.3.4.5.
Also, I left out the ACL section of exim.conf because I didn't change it
from default and it took up a lot of space. Most of exim.conf is
default anyway, with the exception of changes I made to
primary_hostname, dnslookup (which I commented out based on the
commented instructions in exim.conf), smarthost, remote_msa, and
client_auth. Also, for the record, I am using Mutt as my MUA and I can
receive mail there from my gmail account, but sending mail gives me no
errors in the form of a returned message or anything in exim's log
files.

[me@myhost ~]$ telnet mx.isp-relay.org 587
Trying 1.2.3.4...
Connected to mx.isp-relay.org.
Escape character is '^]'.
220 remotehost.isp-relay.org ESMTP Sendmail 8.14.5/8.14.3; Thu, 3 May
2012 14:45:33 GMT
ehlo localhost
250-remotehost.isp-relay.org Hello pool-2-3-4-5.bstnma.btas.verizon.net
[2.3.4.5], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE 100000000
250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN NTLM
250-DELIVERBY
250 HELP
quit
221 2.0.0 remotehost.isp-relay.org closing connection
Connection closed by foreign host.

[me@myhost ~]$ exim -bV
Exim version 4.72 #1 built 24-May-2011 17:40:23
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 4.7.25: (June 4, 2010)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc TCPwrappers
OpenSSL Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
OpenSSL compile-time version: OpenSSL 1.0.0-fips 29 Mar 2010
OpenSSL runtime version: OpenSSL 1.0.0-fips 29 Mar 2010
Configuration file is /etc/exim/exim.conf

[me@myhost ~]$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mydomain.org ESMTP Exim 4.72 Thu, 03 May 2012 09:59:47 -0400
ehlo localhost
250-mydomain.org Hello localhost [::1]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
quit
221 mydomain.org closing connection
Connection closed by foreign host.

[me@myhost ~]$ cat /etc/exim/exim.conf
# $Cambridge: exim/exim-src/src/configure.default,v 1.14 2009/10/16
07:46:13 tom Exp $
#                  Runtime configuration file for Exim               #
#                    MAIN CONFIGURATION SETTINGS                     #


primary_hostname = mydomain.org

domainlist local_domains = @ : localhost : localhost.localdomain
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1

acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime

av_scanner = clamd:/var/run/clamd.exim/clamd.sock

tls_advertise_hosts = *

tls_certificate = /etc/pki/tls/certs/exim.pem
tls_privatekey = /etc/pki/tls/private/exim.pem

daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

never_users = root

host_lookup = *

auth_advertise_hosts =

rfc1413_hosts = *
rfc1413_query_timeout = 5s

ignore_bounce_errors_after = 2d

timeout_frozen_after = 7d

#                       ACL CONFIGURATION                            #


# I didn't change anything from default in the ACL config so I removed
it to save space for the purposes of this post

#                      ROUTERS CONFIGURATION                         #


begin routers

#dnslookup:
# driver = dnslookup
# domains = ! +local_domains
# transport = remote_smtp
# ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
# no_more

smarthost:
driver = manualroute
domains = ! +local_domains
transport = remote_msa
route_data = mx.isp-relay.org
no_more

system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe

userforward:
driver = redirect
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply

procmail:
driver = accept
check_local_user
require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
transport = procmail
no_verify

localuser:
driver = accept
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
transport = local_delivery
cannot_route_message = Unknown user

#                      TRANSPORTS CONFIGURATION                      #


begin transports


# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp

# This transport is used for delivering messages over SMTP using the
# "message submission" port (RFC4409).

remote_msa:
driver = smtp
port = 587
hosts_require_auth = *


# This transport invokes procmail to deliver mail
procmail:
driver = pipe
command = "/usr/bin/procmail -d $local_part"
return_path_add
delivery_date_add
envelope_to_add
user = $local_part
initgroups
return_output

local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660

address_pipe:
driver = pipe
return_output

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

#                      RETRY CONFIGURATION                           #


begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h


#                      REWRITE CONFIGURATION                         #


begin rewrite

#                   AUTHENTICATION CONFIGURATION                     #


begin authenticators

client_auth:
driver = cram_md5
public_name = CRAM-MD5
client_name = my-username.isp-relay.org
client_secret = my-password

PLAIN:
  driver                     = plaintext
  server_set_id              = $auth2
  server_prompts             = :
  server_condition           = ${if saslauthd{{$2}{$3}{smtp}} {1}}
  server_advertise_condition = ${if def:tls_cipher }


LOGIN:
  driver                     = plaintext
  server_set_id              = $auth1
  server_prompts             = <| Username: | Password:
  server_condition           = ${if saslauthd{{$1}{$2}{smtp}} {1}}
  server_advertise_condition = ${if def:tls_cipher }






On Thu, May 3, 2012, at 03:50 AM, Phil Pennock wrote:
> On 2012-05-02 at 21:18 -0400, Dan wrote:
> > If I want to configure Exim as an SMTP AUTH client (but I don't need an
> > SMTP AUTH server) do I need to install Dovecot or Cyrus (or any other
> > SASL implementation or additional software) or do I simply need to
> > properly configure Exim's config file?
>
> The latter. Probably looking up the password from an external file.
>
> > If there is an example (or tutorial) that might get me going in the
> > right direction for this kind of setup, or if anyone would be willing to
> > give me a general roadmap, I would greatly appreciate it.
>
> You configure something after "begin authenticators", as an
> authentication driver, for the correct SASL method.
>
> For instance, if the server you're talking to "AUTH CRAM-MD5 PLAIN" you
> might configure:
>
> auth_cram:
>   driver        = cram_md5
>   public_name   = CRAM-MD5
>   client_name   = dan
>   client_secret = sekret

>
> In reality, you'll use something like ${lookup...} instead of
> hard-coding passwords in the config file.
>
> -Phil

--
Spam Dan
spamdan@???

--
http://www.fastmail.fm - IMAP accessible web-mail