
Re: exim and relaying -- for ONE user



5:05am? whassa matter, couldn't sleep? (that's *my* problem --
one of them, anyway...)

On Fri, Jan 31, 2003 at 05:05:32AM -0600, Alex Malinovich wrote:
> It's a very complicated and technical discovery process that I
> have dubbed "guessing". :) (Actually, the best way is to use
> exim -bh to test. That'll give you about as useful a bit of
> info as you're likely to get. :)

yes, it's a nice feature. you can see whether the user/passwd is
going into $1/$2 or $2/$3 for example...

> Ok, so you've got libpam-pwdfile installed. Everything you've
> posted from within your exim.conf appears to be in order. Make
> sure you've put the plain: stuff inside the authentication
> section. That was one of the first mistakes I made actually.
> :)

i noticed (below) you used "basic" instead of "plain" so i
munged my setup to match:

	plain:
		driver = plaintext
		public_name = BASIC
		server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
		server_set_id = $2

it may be only cosmetic -- then again it may not! (are there
some pieces missing there? looks kinda scant.)

> Next, check your /etc/pam.d/exim and make sure it looks a
> little something like this:
> 
> account required    pam_permit.so
> auth    required    pam_pwdfile.so pwdfile /etc/exim/passwd

it looks a /lot/ like that:

	# /etc/pam.d/exim
	
	# Note: exim requires an account as well as auth!
	account required    pam_permit.so
	auth    required    pam_pwdfile.so pwdfile /etc/exim/passwd

i'm trying a skeleton /etc/exim/passwd until something starts
working, anyhow -- then i'll customize from there.

> of course, you'll need to replace /etc/exim/passwd with the
> path to your actual password file. Also double check to make
> sure you made the passwd file and make sure you've got the
> same username/password combo in there that you're trying to
> log in with. I used the script that Derrick posted and it
> worked great for me. (not counting the fact that it's in
> python and not perl, but I guess I can't win 'em all... :)

and i made it "chmod 600" and "chown mail.mail" as well.

> Then just do an "exim -bh 127.0.0.1" and then:
> 
> EHLO hereiam
> AUTH BASIC <output of the base64 script using both \0's>
> 
> And it SHOULD work. (Should being the key term. If it doesn't,
> just post the error message and we'll go from there.) Good
> luck. :)

and here it comes--

	# exim -bh 192.168.1.2

	**** SMTP testing session as if from host 192.168.1.2
	**** Not for real!

	>>> host in host_lookup? yes (*)
	>>> looking up host name for 192.168.1.2
	>>> IP address lookup yielded duo
	>>> Alias duo.lan
	>>> host in host_reject? no (option unset)
	>>> host in host_reject_recipients? no (option unset)
	>>> host in auth_hosts? no (option unset)
	>>> host in sender_unqualified_hosts? no (option unset)
	>>> host in receiver_unqualified_hosts? no (option unset)
	>>> host in helo_verify? no (option unset)
	>>> host in helo_accept_junk_hosts? no (option unset)

[no mention of "host_auth_accept_relay = *" ?]

	220 server ESMTP Exim 3.35 #1 Fri, 31 Jan 2003 06:23:44 -0600
	ehlo herewego
	250-server Hello duo [192.168.1.2]
	250-SIZE
	250-PIPELINING
	250-AUTH BASIC
	250 HELP
	auth basic [base64-encoded-\0user\0passwd\0]
	>>> plain authenticator:
	>>>   $1 = 
	>>>   $2 = [username-was-here]
	>>>   $3 = [passwd-went-here]
	>>> expanded string: no
	535 Incorrect authentication data
	LOG: Authentication failed for duo (herewego) [192.168.1.2]: 535 Incorrect authentication data

(also tried \0user\0passwd without trailing \0, no good.) so
it's still retching on me. and yet...

	# exim -be
	> ${if pam{[username]:[bad-password]}{y}{nope}}
	nope
	> ${if pam{[username]:[right-password]}{y}{nope}}
	y

so who the hell's in charge, that's what i want to know.
apparently pam is working, but the config is rejecting it for
some reason.

tres mucho oddness. the story of my day. and the documentation is
perfect. sure it is.

> p.s. And once you're done with that you can start messing
> around with TLS support. That was my 2nd project and today I
> was able to, for the first time ever, send mail from my home
> mail server while away from home using username/password
> authentication over a secure connection. I was so proud. :)

you are *exactly* where *i* want to be. (i can tell the view is
awesome!) let me guess -- you've also got the imap thing working.
of course, adding md5 as well wouldn't hurt, but that'll be
another nail in the coffin. (mine, perhaps.) i just need a few
more breadcrumbs along the path...

-- 
I use Debian/GNU Linux version 3.0;
Linux server 2.4.20-k6 #1 Mon Jan 13 23:49:14 EST 2003 i586 unknown
 
DEBIAN NEWBIE TIP #90 from Der.Hans <deb-user@LuftHans.com>
and Joey Hess <joey@kitenet.net>:
Wondering HOW TO GET CPAN MODULES FOR PERL?
	man CPAN
Not too many manpages need capital letters. (It's a Perl module
that comes with Perl, or at least has since Potato or before.)
Then,
	perl -MCPAN -e 'shell'
CAVEAT: if the Perl module is not packaged in *.deb Debian
format (and about 270 are), the next best thing is to use the
dh-make-perl, which can build debian packages on the fly out of
CPAN.

Also see http://newbieDoc.sourceForge.net/ ...
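
The AUTH exchange and the `server_condition` line discussed in this message, as an added example (not part of the original post and not Exim's code): a Python model of how the base64 response splits on NULs into the `$1`/`$2`/`$3` seen in the `exim -bh` output, and why the config doubles colons in `$3` before handing it to `pam{...}`. The user `alice` and password `s3:cret` are constructed sample values, and `split_exim_list` is a simplified model of a colon-separated list.

```python
import base64


def encode_plain(user, password, authzid=""):
    """Build the base64 response: authzid NUL user NUL password."""
    raw = b"\0".join(s.encode("utf-8") for s in (authzid, user, password))
    return base64.b64encode(raw).decode("ascii")


def split_fields(b64):
    """Decode and split on NUL, numbering the pieces $1, $2, ... as in the -bh trace."""
    raw = base64.b64decode(b64, validate=True)
    return {f"${n}": part.decode("utf-8")
            for n, part in enumerate(raw.split(b"\0"), start=1)}


def pam_list(user, password):
    """Mirror $2:${sg{$3}{:}{::}}: double every colon in the password."""
    return f"{user}:{password.replace(':', '::')}"


def split_exim_list(text):
    """Split on single colons; a doubled colon is one literal colon (simplified model)."""
    items, cur, i = [], [], 0
    while i < len(text):
        if text[i] == ":":
            if text[i + 1:i + 2] == ":":      # "::" -> literal ":"
                cur.append(":")
                i += 2
                continue
            items.append("".join(cur))          # single ":" -> item boundary
            cur = []
        else:
            cur.append(text[i])
        i += 1
    items.append("".join(cur))
    return items


if __name__ == "__main__":
    token = encode_plain("alice", "s3:cret")     # constructed credentials
    fields = split_fields(token)
    print("AUTH token:", token)
    print("fields:", fields)
    print("undoubled:", split_exim_list(f"{fields['$2']}:{fields['$3']}"))
    print("doubled:  ", split_exim_list(pam_list(fields["$2"], fields["$3"])))
```
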


