Derrick 'dman' Hudson wrote:
> Note, however, that AUTH PLAIN isn't very secure. You should only
> allow it if the client has first initiated a TLS connection. That
> requires first setting up TLS. I don't know if exim 3 can restrict it
> to a TLS session only, or how to do it. Either read the docs or
> upgrade to exim 4 (I know how to check that in exim4).

Exim3 can restrict it like exim4. You forgot the LOGIN method that is needed by some clients. CRAM-MD5 should not be needed as TLS should really be secure enough, isn't it? ;)

> An alternative to using exim's own lookup and crypt capabilities is to
> defer to pam. There are several advantages of this, for one you can
> use any backend (flat file, system account, LDAP, SQL, etc.) that pam
> supports. If you use shadow passwords for system accounts and want
> exim to use the same for SMTP AUTH you'll have to either run exim as
> the 'shadow' group, or make the shadow file readable by the exim
> group. To configure this method:

Did you try using pam_exim? It works great, letting exim continue to run as non-root and still using pam (using an external suid-root pam helper).

HS