Re: exim and relaying -- for ONE user
- To: Derrick 'dman' Hudson <dman@dman.ddts.net>
- Subject: Re: exim and relaying -- for ONE user
- From: Hendrik Sattler <sattler2000@gmx.de>
- Date: Thu, 30 Jan 2003 10:59:46 +0100
- Message-id: <E18eBTz-0005zK-00@hendrik-sattler.de>
- References: <20030129183012$1248@gated-at.bofh.it> <20030130012009$6b60@gated-at.bofh.it> <20030130033007$3c4f@gated-at.bofh.it> <20030130063007$00b6@gated-at.bofh.it>
Derrick 'dman' Hudson wrote:
> Note, however, that AUTH PLAIN isn't very secure. You should only
> allow it if the client has first initiated a TLS connection. That
> requires first setting up TLS. I don't know if exim 3 can restrict it
> to a TLS session only, or how to do it. Either read the docs or
> upgrade to exim 4 (I know how to check that in exim4).
Exim3 can restrict it like exim4. You forgot the LOGIN method that is needed
by some clients. CRAM-MD5 should not be needed as TLS should really be
secure enough, isn't it? ;)
> An alternative to using exim's own lookup and crypt capabilities is to
> defer to pam. There are several advantages of this, for one you can
> use any backend (flat file, system account, LDAP, SQL, etc.) that pam
> supports. If you use shadow passwords for system accounts and want
> exim to use the same for SMTP AUTH you'll have to either run exim as
> the 'shadow' group, or make the shadow file readable by the exim
> group. To configure this method :
Did you try using pam_exim? It works great, letting exim continue to run
as non-root and still using pam (using an external suid-root pam helper).
HS
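
An added example, not part of the original message or of exim: a small Python audit that parses captured EHLO replies and reports when the PLAIN or LOGIN mechanisms discussed above are advertised before TLS has been negotiated. The host name and the sample replies are constructed for illustration.

```python
import re

# Mechanisms that carry the password merely base64-encoded (PLAIN and LOGIN).
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply: str) -> dict:
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    features = {}
    lines = reply.strip().splitlines()
    for line in lines[1:]:  # the first line is the greeting, not an extension
        m = re.match(r"250[- ](\S+)(.*)$", line.strip())
        if not m:
            continue
        keyword, rest = m.group(1).upper(), m.group(2)
        # Some servers also emit the legacy "AUTH=LOGIN PLAIN" form for old clients.
        if keyword.startswith("AUTH="):
            rest = keyword[5:] + " " + rest
            keyword = "AUTH"
        features.setdefault(keyword, []).extend(rest.upper().split())
    return features

def audit(pre_tls: str, post_tls: str = "") -> list:
    """Return findings for the EHLO reply seen before (and optionally after) STARTTLS."""
    findings = []
    pre = parse_ehlo(pre_tls)
    exposed = sorted(CLEARTEXT_MECHS & set(pre.get("AUTH", [])))
    if exposed:
        findings.append("cleartext AUTH offered before TLS: " + ", ".join(exposed))
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not advertised")
    if post_tls and "AUTH" not in parse_ehlo(post_tls):
        findings.append("no AUTH offered after TLS")
    return findings

# Constructed sample replies (not captured from a real server).
WEAK_PRE = ("250-mail.example.org Hello client\n250-SIZE 52428800\n"
            "250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP")
GOOD_PRE = ("250-mail.example.org Hello client\n250-SIZE 52428800\n"
            "250-STARTTLS\n250 HELP")
GOOD_POST = ("250-mail.example.org Hello client\n250-SIZE 52428800\n"
             "250-AUTH PLAIN LOGIN\n250 HELP")

if __name__ == "__main__":
    print(audit(WEAK_PRE))             # server offers PLAIN/LOGIN in the clear
    print(audit(GOOD_PRE, GOOD_POST))  # AUTH only appears inside the TLS session
```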