[exim] Assistance with authenticator syntax, please.

Top Page
Delete this message
Reply to this message
Author: nick
Date:  
To: exim-users
Subject: [exim] Assistance with authenticator syntax, please.
Greetings list,

After several days of frustrated googling and rtfm'ing I am at a loss
and this throw myself upon the mercies of this list.
My Exim foo is pretty weak when it comes to the more complex syntax.

I have inherited a fairly complex Exim/LDAP solution that services 700K+
users.
It allows any user the LDAP tree do do smtp-auth and I am suffering from
spam-by-smtpauth as many of the user passwords
are insufficiently robust and/or the users have their password stolen by
malware.
I would very much like to fix this.

The current authenticator:

    plain:
        driver= plaintext
        public_name = PLAIN
        server_condition = ${if ldapauth \
    {user="cn=${quote_ldap_dn:$2},o=southover,c=uk" \
           pass=${quote:$3} \
           ldap://ldap.southover.net/}{yes}{no}}
        server_set_id=$2



In the LDAP tree there is to be an attribute 'smtpauth' which is set
TRUE or FALSE by our control panel.

    dn: cn=xelp,o=southover,c=uk
    cn: xelp
    objectClass: popperson
    objectClass: radiusprofile
    mainmail: xelp@???
    enabled: TRUE
    maildrop: /mailstore/a/b/5/xelp/
    *smtpauth**: TRUE*
    mail: xelp@???


I want to use this to configure Exim to only allow smtp-auth from
specified users rather than every user.
According to my logs there are only about 1500 users that require
smtp-auth from non-local networks.

But I am unable to figure out the correct syntax required in the
plaintext authenticator - exim just barfs with my every feeble attempt.

I would like to do something like this:

server_condition = if
                         #check the smtpauth flag for TRUE
                                 lookup 
ldap{ldap:///o=southover,c=uk?mail?sub? (& 
(cn=${quote_ldap_dn:$1})(smtpauth=${quote_ldap:TRUE}))}
                     and
                         #can this user do ldapauth:
ldapauth{user="cn=${quote_ldap_dn:$1},o=southover,c=uk" pass=${quote:$2} 
ldap://ldap.southover.net/}



I would be eternally grateful for any assistance.

many thanks for reading.
n.