
Re: exim and relaying -- for ONE user



Derrick 'dman' Hudson wrote:

> Note, however, that AUTH PLAIN isn't very secure.  You should only
> allow it if the client has first initiated a TLS connection.  That
> requires first setting up TLS.  I don't know if exim 3 can restrict it
> to a TLS session only, or how to do it.  Either read the docs or
> upgrade to exim 4 (I know how to check that in exim4).

Exim3 can restrict it like exim4. You forgot the LOGIN method that is needed 
by some clients. CRAM-MD5 should not be needed as TLS should really be 
secure enough, shouldn't it? ;)
 
> An alternative to using exim's own lookup and crypt capabilities is to
> defer to pam.  There are several advantages of this, for one you can
> use any backend (flat file, system account, LDAP, SQL, etc.) that pam
> supports.  If you use shadow passwords for system accounts and want
> exim to use the same for SMTP AUTH you'll have to either run exim as
> the 'shadow' group, or make the shadow file readable by the exim
> group.  To configure this method :

Did you try using pam_exim? It works great, letting exim continue to run 
as non-root and still using pam (using an external suid-root pam helper).

HS
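
Added example, not part of the original messages: a Python sketch of why the thread ties PLAIN and LOGIN to TLS. Both mechanisms send the password as reversible base64, while CRAM-MD5 sends only an HMAC of a server challenge. The account "alice", the password, the challenge strings and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def decode_auth_plain(b64):
    """AUTH PLAIN payload is base64("authzid NUL authcid NUL password")."""
    authzid, authcid, password = base64.b64decode(b64).split(b"\0", 2)
    return authzid.decode(), authcid.decode(), password.decode()

def decode_auth_login(b64_user, b64_pass):
    """AUTH LOGIN sends user name and password as two base64 strings."""
    return (base64.b64decode(b64_user).decode(),
            base64.b64decode(b64_pass).decode())

def cram_md5_response(user, password, challenge_b64):
    """CRAM-MD5 reply: base64("user " + hex(HMAC-MD5(key=password, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def mechanisms_to_advertise(tls_active):
    """Policy from the thread: offer PLAIN/LOGIN only inside a TLS session."""
    return ["PLAIN", "LOGIN"] if tls_active else []

# Constructed sample credentials and challenge (not from any real system).
SAMPLE_USER, SAMPLE_PASS = "alice", "s3cret"
SAMPLE_PLAIN = base64.b64encode(
    f"\0{SAMPLE_USER}\0{SAMPLE_PASS}".encode()).decode()
SAMPLE_CHALLENGE = base64.b64encode(b"<1234.5678@mail.example>").decode()

if __name__ == "__main__":
    # What anyone reading an unencrypted session recovers from AUTH PLAIN:
    print("PLAIN decodes to:", decode_auth_plain(SAMPLE_PLAIN))
    # What the same reader sees with CRAM-MD5: user name and a digest only.
    reply = cram_md5_response(SAMPLE_USER, SAMPLE_PASS, SAMPLE_CHALLENGE)
    print("CRAM-MD5 reply decodes to:", base64.b64decode(reply).decode())
    print("Without TLS advertise:", mechanisms_to_advertise(False))
    print("With TLS advertise:   ", mechanisms_to_advertise(True))
```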



