-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello the list
I have a question regarding authenticating an SMTP request.
I have a user who would like to be able to use my Debian woody machine as a
general SMTP host while he is "on the road". He could be connecting via any
of a number of dial-up accounts, all with dynamic IP assignment, so I cannot
authenticate him via a simple IP address.
My MTA on this box is Exim, and after a little bit of reading around, I
decided what I needed to do was to use the SMTP-AUTH extension (as per RFC
2554), and to avoid sending passwords in the clear, to use the TLS version
of Exim.
So I `apt-get install exim-tls`, created myself a TLS certificate, and made
the necessary modifications to the exim.conf to switch on the SMTP-over-TLS
stuff. FYI the additional stuff I made to the exim.conf are:
# Which hosts do we tell that we have STARTTLS available?
tls_advertise_hosts = *
# File locations
tls_certificate = /etc/ssl/certs/exim.tls.crt
tls_privatekey = /etc/ssl/certs/exim.tls.key
# insist that any client using auth starts a TLS session first
auth_over_tls_hosts = *
So far so good, if I telnet to port 25 and issue an EHLO command, exim
replies that one of the functions supported is STARTTLS. But what I *don't*
seem to be able to do is get Exim to recognise any of the authentication
methods, it doesn't seem to have been compiled with either AUTH_PLAIN or
AUTH_CRAM-MD5 (or anything else).
If this is so, I'm still not really much better off. I can insist that my
roaming user connects via a secure method, but if I still have no way of
authenticating him then I still can't verify identity, and hence I'd still
have to leave my Exim in a basically open relay state (albeit one that will
require a secure connection).
Am I missing something, or has the Exim-TLS package been compiled without
any of the AUTH methods. Which seems rather odd to me.
Any help, tips, flames etc gratefully received.
Thanks!
- --
Iain | PGP mail preferred: pubkey @ www.deepsea.f9.co.uk/misc/iain.asc
($=,$,)=split/"13\//,"13\"13\/tl.rnh r HITtahkPctacriAneeeusaoJ";;
for(@[EMAIL PROTECTED]//,$,){$..=$$[$=];$$=$=[$=];[EMAIL PROTECTED];[EMAIL PROTECTED]
eq$$&&$=>=$?;$==$?;for(@$)[EMAIL PROTECTED] eq$_;;last if!$@;$=++}}print$..$/
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com
iQA/AwUBPlZ9MGByUNb+aO+GEQKUfQCfZ+3mnBVMlCAKWNnJTzh/Wxuw/6QAoKrQ
8o4DtywZHbxZY0o8Iqf5fUUw
=duCg
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
