Re: [exim] Help Need!! Totally Lost in SMTP plain/login/tls/…

Author: F. Mendez
Date:  
To: exim-users
Old topics: Re: [exim] Help Need!! Totally Lost in SMTP plain/login/tls/md5-cram connection..
Subject: Re: [exim] Help Need!! Totally Lost in SMTP plain/login/tls/md5-cramconnection..
Thanks Phil, already tried it but didn't work.

Any other possible solutions? At least to have it with TLS and no open relay
and user/pass combo?

Thanks.



-----Original Message-----
From: Phil Pennock
Sent: Saturday, September 08, 2012 12:30 AM
To: F. Mendez
Cc: exim-users@???
Subject: Re: [exim] Help Need!! Totally Lost in SMTP
plain/login/tls/md5-cramconnection..

On 2012-09-07 at 23:20 -0500, F. Mendez wrote:
> I’ve tried ALL wiki and document help from exim.org and can’t make smtp
> login to work. I’ve tried plain text, login. And nothing. I’ve already
> installed cyrus-imap & cyrus-sasl, cyrus-md5, cyrus-sasl-plain....and
> nothing.
>
> I really really need the help of you guys.
>
> If ANYONE may be gentle to help to have exim 4.80 with the following
> working: plain text, login, cram-md5, cram-sh1 and TLS for POP, IMAP and
> SMTP. I would be really thankful.


I have Cyrus storing authentication data in /usr/local/etc/sasldb2; the
daemons for authentication with Cyrus don't help, because they don't
provide the plaintext password, which is needed for the cram-* methods.

So I use a filesystem ACL (man getfacl(1), setfacl(1)) to grant
user:exim:r-- access to the sasldb2 file, so that the Exim runtime user
can access the file too.

Then in the Exim configuration file (given with "exim --version"), after
the "begin authenticators" line (and before the next "begin" line):

auth_digest_md5:
  driver           = cyrus_sasl
  public_name      = DIGEST-MD5
  server_hostname  = smtp.spodhuis.org
# need the realm used after @ in the sasldb2 file:
  server_realm     = imap.spodhuis.org
  server_advertise_condition = ${if and{\
          {!def:authenticated_id}\
          {forany{465:587}{=={$received_port}{$item}}}\
          {def:tls_cipher}\
          } {yes}{no}}


You can repeat that, with a different public_name (and authenticator
_name_) for other auth methods.

That gets Exim; for POP3 and IMAP, you need to configure Cyrus IMAPd; in
imapd.conf:
  servername:             imap.spodhuis.org
  sasl_pwcheck_method:    auxprop
  sasl_auxprop_plugin:    sasldb


So I think (but it's been years since I set it up) the same servername
from imapd.conf is what you will need to set as the server_realm in
Exim, because it's used in the keys for storing data in sasldb2.

-Phil
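
An added example (not part of the original thread, and not Exim project code): a Python check of what the server_advertise_condition quoted above is meant to achieve on the submission port, namely that AUTH is offered only once TLS is active. The EHLO replies are constructed samples, and the function names and example.org hostnames are assumptions.

```python
import re

# Constructed sample EHLO replies for port 587 (not captured from a real server).
CLEARTEXT_OK = """\
250-smtp.example.org Hello client.example.net
250-PIPELINING
250-STARTTLS
250 HELP"""

AFTER_STARTTLS = """\
250-smtp.example.org Hello client.example.net
250-PIPELINING
250-AUTH DIGEST-MD5 CRAM-MD5
250 HELP"""

CLEARTEXT_LEAKY = """\
250-smtp.example.org Hello client.example.net
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP"""


def auth_mechanisms(ehlo_reply):
    """Return the set of SASL mechanisms advertised in an EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Accept both "250-AUTH A B" and the legacy "250-AUTH=A B" form.
        m = re.match(r"250[- ]AUTH[ =](.*)$", line.strip(), re.IGNORECASE)
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs


def audit_advertisement(cleartext_reply, tls_reply, expected):
    """Return a list of findings; an empty list means the policy holds."""
    findings = []
    leaked = auth_mechanisms(cleartext_reply)
    if leaked:
        findings.append("AUTH advertised without TLS: " + ", ".join(sorted(leaked)))
    if not re.search(r"^250[- ]STARTTLS\s*$", cleartext_reply, re.I | re.M):
        findings.append("STARTTLS not offered before TLS")
    missing = {m.upper() for m in expected} - auth_mechanisms(tls_reply)
    if missing:
        findings.append("not advertised under TLS: " + ", ".join(sorted(missing)))
    return findings
```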