Differences between version 8 and predecessor to the previous major change of EximSmtpAuth.

Newer page: version 8, last edited on Wednesday, June 23, 2004 3:13:41 pm by DanielLawson
Older page: version 5, last edited on Sunday, August 17, 2003 4:05:25 pm by DanielLawson
@@ -1,4 +1,5 @@
+!! Server Setup  
 How I set up exim(8) [SMTP] Auth under Debian. 
  
 First make sure exim is working correctly doing everything but relaying. 
  
@@ -32,8 +33,12 @@
  
 and you will need to add 
  exim_user = root 
 since you can't check passwords unless you are root, so you need to run exim as root. Pity. 
+  
+Alternatively you can use shadow group to enable PAM without root priviliges  
+ exim_user = mail  
+ exim_group = shadow  
  
 Now restart exim and type 
  exim -bh localhost 
 try the commands 
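Review bot: The added alternative leaves the context line just above it saying "so you need to run exim as root", so the section now gives two contradictory instructions with no indication of which to prefer; reword that earlier sentence so that "exim_user = mail" with "exim_group = shadow" is presented as the option that avoids running as root. It is also worth saying what the shadow group grants: the Exim process can then read the password hashes that PAM checks against, so this is narrower than root but not free. Typo: "priviliges" should be "privileges".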
@@ -49,10 +54,9 @@
 to investigate: 
 * using CRAM-MD5 
  
 ---- 
-  
- EximSmtpAuth with an [LDAP] Backend: 
+!! EximSmtpAuth with an [LDAP] Backend: 
  
 I use an [LDAP] backend for my mail, which works ok - except for some reason exim's smtp auth feature dies when trying to use pam_ldap. I figured I may as well use a native ldap query anyway, so here's what I came up with: 
  
 Exim is basically set up as mentioned above, except I still run exim as 'mail', not as 'root'. In this first instance, all my user accounts are under 'ou=People,dc=wlug,dc=org,dc=nz'. 
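Review bot: The new heading keeps the trailing colon from the old plain-text line ("!! EximSmtpAuth with an [LDAP] Backend:"), while the "!! Server Setup" heading added in the first hunk has none; drop the colon so the page's headings are consistent.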
@@ -62,9 +66,10 @@
  login: 
  driver = plaintext 
  public_name = LOGIN 
  server_prompts = "LDAP Username:: : LDAP Password::" 
- server_condition = "${lookup ldap{user=uid=$1,ou=People,BASEDN pass=$2 ldap://localhost/BASEDN?uid?sub?(uid=$1)}{yes}fail}" 
+ server_condition = "${lookup ldap{user=uid=$1,ou=People,BASEDN pass=$2 \  
+ ldap://localhost/BASEDN?uid?sub?(uid=$1)}{yes}fail}" 
  server_set_id = $1 
  
 This makes use of the ldap lookups ability to set the binddn and password via the 'user' and 'pass' directives, before the ldap url. This means that the ldap lookup binds as the connecting user - if this succeeds, then the user/pass is valid. If it fails, then its not. 
  
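Review bot: The re-wrapped server_condition still expands $1 and $2 directly into the bind DN, the password and the search filter ("user=uid=$1,ou=People,BASEDN pass=$2" and "(uid=$1)"), so spaces or characters that are special in a DN or filter in what the client sends change the lookup that is actually performed. Since the line is being touched anyway, wrap the values in Exim's LDAP quoting operators (quote_ldap for the filter and quote_ldap_dn for the DN, where the installed version provides them) and add a check that $2 is not empty, because many LDAP servers treat a bind with an empty password as an anonymous bind that succeeds. In the explanatory paragraph, "the ldap lookups ability" and "then its not" need apostrophes.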
@@ -73,17 +78,30 @@
  login: 
  driver = plaintext 
  public_name = LOGIN 
  server_prompts = "LDAP Username:: : LDAP Password::" 
- server_condition = "${lookup ldap{user=${lookup ldapdn{ldap://localhost/ou=Domains,BASEDN?dn?sub?(uid=$1)}} pass=$2 ldap://localhost/ou=Domains,BASEDN?uid?sub?(uid=$1)}{yes}fail}" 
+ server_condition = "${lookup ldap{user=${lookup \  
+ ldapdn{ldap://localhost/ou=Domains,BASEDN?dn?sub?(uid=$1)}} pass=$2 \  
+ ldap://localhost/ou=Domains,BASEDN?uid?sub?(uid=$1)}{yes}fail}" 
  server_set_id = $1 
  
 This one differs slightly, in that in order to find the binddn, i first had to do a query to find the dn of the uid relating to user@domain.co.nz. As this is stored in o=$domain,ou=Domains..., and the $domain wont work in this case (its only populated when it gets an incoming mail, not for an auth session), I either needed a regex to split $1 into $user and $domain, or else to do this extra query. It works out ok though :). Note that the internal query is of type 'ldapdn' - this returns the dn of the result, and assumes there is only one match for uid=$1. 
  
+----  
+!! Client Setup  
+All mail generated at my house gets sent to exim which runs on the router connected to my DSL line, my ISPs smarthost sucks (for various reasons), and being on a dynamic IP delivering directly is not such a smart idea. The solution is to smarthost to another server somewhere that will accept my mail using SMTP AUTH. In this case exim is acting as an SMTP AUTH client rather than a server.  
  
+You need the following configuration snippets, unfortunately the notes in the config file seem to suggest that you can only be a client to one SMTP AUTH server (or all the servers you authenticate to need to use the same username and password).  
  
+The setup is very simple, add the following line to your remote_smtp transport  
+ authenticate_hosts = <your smarthost here>  
  
+Then you simply need to add the following stanza to the authentication section at the end of your config file.  
+ login:  
+ driver = plaintext  
+ public_name = LOGIN  
+ client_send = ": <your username> : <your password>"  
  
-  
+You probably also want to be using STARTTLS to encrypt the connection, otherwise your password is sent in plaintext. Under debian you need to make sure you have the exim-tls package installed.  
  
 ---- 
 An alternative way of achieving a similar end (allowing hosts to relay through you for a set period of time) is to use [POPbeforeSMTP] 
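Review bot: In the new Client Setup text, "You probably also want to be using STARTTLS" understates the point: the LOGIN stanza above it sends the client_send username and password with no protection of its own, so the page should state that TLS to the smarthost is required, and ideally that Exim should not authenticate when STARTTLS is not offered. Because client_send puts the password in the config file, add a sentence telling readers to keep that file readable only by root and the Exim user. The two wrapped server_condition lines at the top of this hunk carry the same unquoted $1 and $2 as the previous example. Minor: "my ISPs smarthost" needs an apostrophe, and the first Client Setup sentence is a comma splice that reads better as two or three sentences.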
The following authors of this page have not agreed to the WlugWikiLicense. As such copyright to all content on this page is retained by the original authors. The following authors of this page have agreed to the WlugWikiLicense.
