[exim] Multiple types of authentication

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Richard Clayton
Datum:  
To: exim-users
Betreff: [exim] Multiple types of authentication

I have a need to send email out to either an ISP smarthost (which is
Virgin, and they use SSL and LOGIN) and also other email to a different
smarthost which uses TLS and CRAM-MD5

The routing is OK (I use the actual IP rather than 10.0.0.1 of course)

othersmarthost:
driver = manualroute
route_list = +other_smartlist 10.0.0.1
transport = other_smtp

smarthost:
driver = manualroute
route_list = !+nonsmartlist smtp.virginmedia.com
transport = virgin_smtp

and after these two then there's more routers for other complexity, but
don't worry too much, this bit works and the correct messages get given
to the correct transports...

The transports section works just fine to set up two different
destinations (one on port 80 because it's very special):

virgin_smtp:
driver = smtp
port = 465
protocol = smtps
hosts_require_tls = *
hosts_require_auth = *

other_smtp:
driver = smtp
port = 80
hosts_require_tls = *
hosts_require_auth = *

But then I am stuck because I need two authentication sections and
however I juggle them around I get failures from one or the other
machine (or sometimes both):

begin authenticators

smarthost_login:
driver = plaintext
public_name = LOGIN
client_send = : username@??? : password

other_login:
  driver        = cram_md5
  public_name   = CRAM-MD5
  client_name   = otherusername
  client_secret = otherpassword


When I thought I could get away with PLAIN and LOGIN then I had just one
section containing something unreadable like this:

  public_name = ${extract{type}\
         {${lookup{$host}lsearch{/usr/exim/smarthosts}}}}


  client_send = ${if eq {LOGIN}{${extract{type}{${lookup{$host}lsearch{/
usr/exim/smarthosts}}}} }\
                 { : ${extract{user}{${lookup{$host}lsearch{/usr/exim/sm
arthosts}}}} : ${extract{pass}{${lookup{$host}lsearch{/usr/exim/smarthos
ts}}}} }\
                 { ^${extract{user}{${lookup{$host}lsearch{/usr/exim/sma
rthosts}}}}^${extract{pass}{${lookup{$host}lsearch{/usr/exim/smarthosts}
}}} }\
                 }


but once one starts to worry about CRAM-MD5 then one needs client_name
and client_secret lines instead....

What advice can be offered apart from not starting from here ?

TIA
- -- 
richard                                              Richard Clayton


They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin