Re: exim mailserver

To: debian-user@lists.debian.org
Subject: Re: exim mailserver
From: Vinai Kopp <vinai@netzarbeiter.com>
Date: Tue, 5 Nov 2002 09:42:14 +0100
Message-id: <[🔎] 20021105084214.GA13876@home-in-the.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20021104225319.GB7741@cercy.net>
References: <[🔎] 20021104135610.GA3929@cercy.net> <[🔎] 20021104194128.GA6298@cercy.net> <E188oZb-0002RW-00@hendrik-sattler.de> <[🔎] 20021104225319.GB7741@cercy.net>

On Mon, Nov 04, 2002 at 05:53:19PM -0500, ZZ wrote:
> On Mon, Nov 04, 2002 at 10:15:29PM +0100, Hendrik Sattler wrote:
> > ZZ wrote:
> > > Maybe I've figured this out, today I found sslwrap which can ssl-ify my
> > > smtp connection if I can get that password authentication stuff to work.
> > > The info in /usr/share/docs/exim/ does talk about it, but not much.
> > 
> > Hm, obiously mail is forwarded to news:linux.debian.user but not the other 
> > way round. There is a package exim-tls that has a n exim compiled with 
> > openssl support.
> > 
>
> Damn, I had used apt-cache to try to find just such a thing! Does
> exim-tls use the old exim.conf? I installed tls, I expected it to run
> eximconfig and maybe ask some questions about the ssl part. However it
> just installed the files and restarted exim(-tls). /etc/exim/exim.conf
> is the same file I edited originally, but now exim-tls will not
> authenticate.
> 
> Does exim-tls use port 465 for the ssmtp connections? I port scanned my
> box and nothing is running on that port, so at this point neither ssl
> nor authentication is currently working.
> 

I have been trying to get exim-tls set up the way I want now for a
couple of weeks. If you use smtps I figure it uses port 465. But I
want to set it up to use the TLS command, so when clients connect to
port 25 from an unauthorized host, they can issue a TLS command to
start an encrypted session.

But I still am stuck getting the authorization working. The perfect
solution would be to use sasl (maybe with pam?), since I use cyrus as
an imapd. But for a start pam_unix would work. Cyrus isn't from the
.deb, I set it up before cyrus 2.x was packaged.

Currently in the LOGIN authenticator I use 

server_condition = "${if pam{$1:${sg{$2}{:}{::}}} {1}{0}}"

but when I test it with 

# exim -bh some.foreign.host.ip

I get

535 Incorrect authentication data
LOG: Authentication failed for some.foreign.host.tld
[some.foreign.host.ip]: 535 Incorrect authentication data

even though I supplied the correct credentials.
In auth.log there is

 PAM_unix[13952]: authentication failure; username(uid=8) -> username
    for exim service

Here is my /etc/pam.d/exim

auth        required            pam_unix.so debug
account     required            pam_unix.so debug

Googeling seems to point to permission problems, being unable to read
/etc/shadow. What would be the recomended way to get this to work?

-- 
Vinai
Registered Linux User #280755, Debian GNU/Linux  http://counter.li.org/
Secure eMail with gnupg                          http://www.gnupg.org/

Attachment: pgpKRzKjNL7iM.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: exim mailserver
  - From: ZZ <deb@cercy.net>
- Re: exim mailserver
  - From: Rob Weir <rweir@softhome.net>

References:
- exim mailserver
  - From: ZZ <deb@cercy.net>
- Re: exim mailserver
  - From: ZZ <deb@cercy.net>
- Re: exim mailserver
  - From: ZZ <deb@cercy.net>

Prev by Date: Re: Stuck with Netscape 4.7X: How to switch?
Next by Date: Re: Stuck with Netscape 4.7X: How to switch?
Previous by thread: Re: exim mailserver
Next by thread: Re: exim mailserver
Index(es):
- Date
- Thread