On Thu, Jan 30, 2003 at 10:59:46AM +0100, Hendrik Sattler wrote:
| Derrick 'dman' Hudson wrote:
|
| > Note, however, that AUTH PLAIN isn't very secure.  You should only
| > allow it if the client has first initiated a TLS connection.  That
| > requires first setting up TLS.  I don't know if exim 3 can restrict it
| > to a TLS session only, or how to do it.  Either read the docs or
| > upgrade to exim 4 (I know how to check that in exim4).
|
| Exim3 can restrict it like exim4.

That's good.  What's the conf setting to achieve that?

| You forgot the LOGIN method that is needed by some clients.

I did leave it out.  The configuration side is basically the same as
for PLAIN.  Some docs I read said LOGIN was never actually
standardized, so I thought it was a good idea not to use it.  IIRC old
netscape and old lookout only handle LOGIN, and one (or both) of those
won't recognize it unless the server incorrectly advertises it.

| CRAM-MD5 should not be needed as TLS should really be secure enough,
| isn't it? ;)

Depends on whether you want to use TLS or not.

| > An alternative to using exim's own lookup and crypt capabilities is to
| > defer to pam.  There are several advantages of this, for one you can
| > use any backend (flat file, system account, LDAP, SQL, etc.) that pam
| > supports.  If you use shadow passwords for system accounts and want
| > exim to use the same for SMTP AUTH you'll have to either run exim as
| > the 'shadow' group, or make the shadow file readable by the exim
| > group.  To configure this method:
|
| Did you try using pam_exim? It works great, letting exim continue to run
| as non-root and still using pam (using an external suid-root pam helper).

No, I hadn't seen pam_exim.  That design sounds a lot like the sasldb
method provided by cyrus-sasl (postfix uses cyrus-sasl).

-D

-- 
You have heard the saying that if you put a thousand monkeys in a room
with a thousand typewriters and waited long enough, eventually you would
have a room full of dead monkeys.
                (Scott Adams - The Dilbert principle)

http://dman.ddts.net/~dman/
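An added example, not part of the message above: a small Python check an administrator could run over a server's EHLO replies to confirm that PLAIN and LOGIN are only advertised once TLS is up, plus a decoder showing that an AUTH PLAIN argument is only base64. The function names, host names and sample replies are constructed for illustration.

```python
import base64

# Mechanisms that carry the password merely base64-encoded on the wire.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def auth_mechs(ehlo_lines):
    """Return the SASL mechanisms advertised in an EHLO reply."""
    mechs = set()
    for line in ehlo_lines:
        text = line[4:].strip().upper()          # drop the "250-" / "250 " prefix
        # Accept both "AUTH PLAIN LOGIN" and the legacy "AUTH=PLAIN LOGIN" form.
        if text.startswith(("AUTH ", "AUTH=")):
            mechs.update(text[4:].replace("=", " ").split())
    return mechs

def has_starttls(ehlo_lines):
    return any(line[4:].strip().upper() == "STARTTLS" for line in ehlo_lines)

def audit(pre_tls, post_tls=()):
    """List findings for the EHLO replies seen before and after STARTTLS."""
    findings = []
    exposed = auth_mechs(pre_tls) & PLAINTEXT_MECHS
    if exposed:
        findings.append("cleartext-capable AUTH offered without TLS: "
                        + ", ".join(sorted(exposed)))
    if not has_starttls(pre_tls):
        findings.append("STARTTLS not offered")
    if post_tls and not auth_mechs(post_tls):
        findings.append("no AUTH offered inside TLS")
    return findings

def decode_plain(b64_arg):
    """Split an AUTH PLAIN argument into (authzid, authcid, password)."""
    return tuple(base64.b64decode(b64_arg).decode().split("\x00"))

# Constructed sample data (not captured from a real server).
WEAK_EHLO = ["250-mail.example.org Hello client.example.org",
             "250-SIZE 52428800", "250-AUTH PLAIN LOGIN", "250 HELP"]
GOOD_PRE = ["250-mail.example.org Hello client.example.org",
            "250-STARTTLS", "250 HELP"]
GOOD_POST = ["250-mail.example.org Hello client.example.org",
             "250-AUTH PLAIN", "250 HELP"]
SAMPLE_ARG = base64.b64encode(b"\x00alice\x00s3cret").decode()

if __name__ == "__main__":
    print(audit(WEAK_EHLO))
    print(audit(GOOD_PRE, GOOD_POST))
    print(decode_plain(SAMPLE_ARG))
```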