Re: exim mailserver

Tue, 05 Nov 2002 00:44:36 -0800 

On Mon, Nov 04, 2002 at 05:53:19PM -0500, ZZ wrote:
> On Mon, Nov 04, 2002 at 10:15:29PM +0100, Hendrik Sattler wrote:
> > ZZ wrote:
> > > Maybe I've figured this out, today I found sslwrap which can ssl-ify my
> > > smtp connection if I can get that password authentication stuff to work.
> > > The info in /usr/share/docs/exim/ does talk about it, but not much.
> > 
> > Hm, obiously mail is forwarded to news:linux.debian.user but not the other 
> > way round. There is a package exim-tls that has a n exim compiled with 
> > openssl support.
> > 
>
> Damn, I had used apt-cache to try to find just such a thing! Does
> exim-tls use the old exim.conf? I installed tls, I expected it to run
> eximconfig and maybe ask some questions about the ssl part. However it
> just installed the files and restarted exim(-tls). /etc/exim/exim.conf
> is the same file I edited originally, but now exim-tls will not
> authenticate.
> 
> Does exim-tls use port 465 for the ssmtp connections? I port scanned my
> box and nothing is running on that port, so at this point neither ssl
> nor authentication is currently working.
> 

I have been trying to get exim-tls set up the way I want now for a
couple of weeks. If you use smtps I figure it uses port 465. But I
want to set it up to use the TLS command, so when clients connect to
port 25 from an unauthorized host, they can issue a TLS command to
start an encrypted session.

But I still am stuck getting the authorization working. The perfect
solution would be to use sasl (maybe with pam?), since I use cyrus as
an imapd. But for a start pam_unix would work. Cyrus isn't from the
.deb, I set it up before cyrus 2.x was packaged.

Currently in the LOGIN authenticator I use 

server_condition = "${if pam{$1:${sg{$2}{:}{::}}} {1}{0}}"

but when I test it with 

# exim -bh some.foreign.host.ip

I get

535 Incorrect authentication data
LOG: Authentication failed for some.foreign.host.tld
[some.foreign.host.ip]: 535 Incorrect authentication data

even though I supplied the correct credentials.
In auth.log there is

 PAM_unix[13952]: authentication failure; username(uid=8) -> username
    for exim service

Here is my /etc/pam.d/exim

auth        required            pam_unix.so debug
account     required            pam_unix.so debug

Googeling seems to point to permission problems, being unable to read
/etc/shadow. What would be the recomended way to get this to work?

-- 
Vinai
Registered Linux User #280755, Debian GNU/Linux  http://counter.li.org/
Secure eMail with gnupg                          http://www.gnupg.org/

Attachment: msg11107/pgp00000.pgp
Description: PGP signature

Reply via email to