[exim] Exim4 + fixed_cram

Top Page
Delete this message
Reply to this message
Author: basti
Date:  
To: exim-users
Subject: [exim] Exim4 + fixed_cram

Hello,
I have installed Exim4 on my Debian Wheezy. All is running fine.
Now I try to use "fixed_cram" authenticator for more security.

/etc/exim4/conf.d/auth/20_vexim_server_auth looks like:

#plain_login:
#        driver = plaintext
#        public_name = PLAIN
##    server_condition = ${lookup pgsql{AUTH_PLAIN_LOOKUP} {yes}{no}}
#    server_condition = ${lookup pgsql{AUTH_PLAIN_LOOKUP} {yes} \
#              {${if
crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}
{yes}{no}}}}
#
#        server_set_id = $2


fixed_login:
        driver = plaintext
        public_name = LOGIN
        server_prompts = "Username:: : Password::"
#    server_condition = ${lookup pgsql{AUTH_LOGIN_LOOKUP} {yes}{no}}
    server_condition = ${lookup pgsql{AUTH_LOGIN_LOOKUP} {yes} \
              {${if
crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{yes}{no}}}}
        server_set_id = $1


fixed_cram:
        driver = cram_md5
        public_name = CRAM-MD5
    server_condition = ${lookup pgsql{AUTH_LOGIN_LOOKUP} {yes} \
                {${if
crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{yes}{no}}}}


        server_set_id = $1


a test connection:

telnet myserver.de 25
Trying 1.1.1.11...
Connected to myserver.de.
Escape character is '^]'.
220 ikarus.myserver.de ESMTP Exim 4.80 Tue, 21 Jan 2014 11:29:21 +0100
ehlo localhost
250-ikarus.myserver.de Hello p578a6f5e.dip0.t-ipconnect.de [1.1.1.1]
250-SIZE 209715200
250-8BITMIME
250-PIPELINING
250-AUTH LOGIN
250-STARTTLS
250 HELP
quit
Connection closed by foreign host.

When I comment out the fixed_login part so that only fixed_cram is
active I get the following "error result":

2014-01-21 11:19:59 H=p578a6f5e.dip0.t-ipconnect.de ([192.1.1.1])
[1.1.1.1] F=<basti@???> rejected RCPT <bastix@???>: relay
not permitted

I think there is something wrong with the login or the database query.
The auth querys are:

AUTH_PLAIN_LOOKUP = SELECT '1' FROM eximusers WHERE
username='${quote_pgsql:$2}' AND clear='${quote_pgsql:$3}'
AUTH_LOGIN_LOOKUP = SELECT '1' FROM eximusers WHERE
username='${quote_pgsql:$1}' AND clear='${quote_pgsql:$2}'
AUTH_CRAM_LOOKUP = SELECT clear FROM eximusers WHERE
username='${quote_pgsql:$1}'

The user Table looks like:

CREATE TABLE eximusers (
    user_id serial NOT NULL,
    domain_id integer NOT NULL,
    localpart character varying(192) NOT NULL,
    username character varying(255) NOT NULL,
    clear character varying(255),
    crypt character varying(48),
    uid integer DEFAULT 65534 NOT NULL,
    gid integer DEFAULT 65534 NOT NULL,
    smtp character varying(255),
    pop character varying(255),
    "type" character varying(8) NOT NULL,
    admin smallint DEFAULT 0::smallint NOT NULL,
    enabled smallint DEFAULT 1::smallint NOT NULL,
    flags character varying(16),
    "forward" character varying(255),
    unseen smallint DEFAULT 0::smallint NOT NULL,
    maxmsgsize integer DEFAULT 0 NOT NULL,
    quota integer DEFAULT 0 NOT NULL,
    realname character varying(255),
    sa_tag smallint DEFAULT 0::smallint NOT NULL,
    sa_refuse smallint DEFAULT 0::smallint NOT NULL,
    tagline character varying(255),
    vacation text,
    vacationsubject character varying(2000),
    CONSTRAINT users_gid CHECK (((uid >= 1) AND (uid <= 65535))),
    CONSTRAINT users_maxmsgsize CHECK ((maxmsgsize > -1)),
    CONSTRAINT users_type CHECK ((((((((("type")::text = 'local'::text)
OR (("type")::text = 'alias'::text)) OR (("type")::text =
'catch'::text)) OR (("type")::text = 'fail'::text)) OR (("type")::text =
'piped'::text)) OR (("type")::text = 'admin'::text)) OR (("type")::text
= 'site'::text))),
    CONSTRAINT users_uid CHECK (((uid >= 1) AND (uid <= 65535)))
);


How can I debug the exim-auth process?
Thanks for any help.

Regards,
Basti