
Re: exim and relaying -- for ONE user



On Thu, Jan 30, 2003 at 10:59:46AM +0100, Hendrik Sattler wrote:
| Derrick 'dman' Hudson wrote:
| 
| > Note, however, that AUTH PLAIN isn't very secure.  You should only
| > allow it if the client has first initiated a TLS connection.  That
| > requires first setting up TLS.  I don't know if exim 3 can restrict it
| > to a TLS session only, or how to do it.  Either read the docs or
| > upgrade to exim 4 (I know how to check that in exim4).
| 
| Exim3 can restrict it like exim4.

That's good.  What's the conf setting to achieve that?

| You forgot the LOGIN method that is needed by some clients.

I did leave it out.  The configuration side is basically the same as
for PLAIN.  Some docs I read said LOGIN was never actually
standardized, so I thought it was a good idea not to use it.  IIRC old
netscape and old lookout only handle LOGIN, and one (or both) of those
won't recognize it unless the server incorrectly advertises it.

| CRAM-MD5 should not be needed as TLS should really be secure enough,
| isn't it? ;)

Depends on whether you want to use TLS or not.

| > An alternative to using exim's own lookup and crypt capabilities is to
| > defer to pam.  There are several advantages of this, for one you can
| > use any backend (flat file, system account, LDAP, SQL, etc.) that pam
| > supports.  If you use shadow passwords for system accounts and want
| > exim to use the same for SMTP AUTH you'll have to either run exim as
| > the 'shadow' group, or make the shadow file readable by the exim
| > group.  To configure this method :
| 
| Did you try using pam_exim? It works great, letting exim continue to run 
| as non-root and still using pam (using an external suid-root pam helper).

No, I hadn't seen pam_exim.  That design sounds a lot like the sasldb
method provided by cyrus-sasl (postfix uses cyrus-sasl).

-D

-- 
You have heard the saying that if you put a thousand monkeys in a room with a
thousand typewriters and waited long enough, eventually you would have a room
full of dead monkeys.
                                (Scott Adams - The Dilbert principle)
 
http://dman.ddts.net/~dman/

Attachment: pgp0joWcng9r3.pgp
Description: PGP signature
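Added example, not from the message above and not Exim's own shipped configuration: the exim4 authenticator section the reply alludes to, with PLAIN and LOGIN only advertised once the client has started TLS, and password checking handed to PAM. It assumes an Exim 4 built with PAM support (Debian's exim4-daemon-heavy, for instance), and the certificate/key paths are placeholders.

```exim
# --- main configuration section (placeholder paths, adjust for your host) ---
tls_advertise_hosts = *
tls_certificate = /etc/exim4/exim.crt
tls_privatekey  = /etc/exim4/exim.key

# Advertise AUTH to everyone; the per-authenticator condition below is what
# actually stops PLAIN/LOGIN from being offered on an unencrypted session.
auth_advertise_hosts = *

begin authenticators

# AUTH PLAIN: client sends "\0user\0password" base64-encoded in one string.
# Exim splits it into $auth1 (authzid, unused here), $auth2 (user), $auth3 (password).
plain_server:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # Only offer this mechanism when the inbound connection is already encrypted.
  # On Exim older than 4.80 the equivalent test is ${if eq{$tls_cipher}{}{no}{yes}}.
  server_advertise_condition = ${if def:tls_in_cipher}
  # Hand user:password to PAM; colons in the password must be doubled for the
  # pam condition, which the sg expansion does.
  server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}{yes}{no}}
  server_set_id = $auth2

# AUTH LOGIN: never formally standardised, but some old clients only speak it.
# Same security properties as PLAIN, so the same TLS-only restriction applies.
# "<|" switches the prompt separator to "|" because the prompts contain colons.
login_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = <| Username: | Password:
  server_advertise_condition = ${if def:tls_in_cipher}
  server_condition = ${if pam{$auth1:${sg{$auth2}{:}{::}}}{yes}{no}}
  server_set_id = $auth1
```

To check the effect, connect with a plain telnet/netcat session and send EHLO: the 250-AUTH line should be absent (or list neither PLAIN nor LOGIN); repeat after STARTTLS (for example with openssl s_client -starttls smtp) and the mechanisms should appear. Note that the server_advertise_condition only controls advertising; pairing it with a relay ACL that requires `authenticated = *` is still what prevents an unauthenticated host from relaying.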

