Secure Relaying -- a start
On Fri, Jan 31, 2003 at 08:23:09AM -0500, Ed Lawson wrote:
> Pardon me for coming into the middle of this thread, but I now
> need to set up secure relaying on my stable box running Exim.
> If I read the messages back from the EHLO command correctly,
> the "regular" Exim package is not compiled with authentication
> options enabled. This means, does it not, that no
> authentication methods are available for Exim using the
> "regular" package? which in turn means one must install
> Exim-tsl to have any form of authentication absent compiling
> your own?
holy cow. i wouldn't have known the answer to this one,
yesterday morning...
ready?
    apt-get install exim-doc-html
then browse to /usr/share/doc/exim/manual.html/spec.html; what
you're looking for is "what makes exim publicize its
authentication schemes..." right? so, head for section 11 where
you'll find "auth_always_advertise":
    auth_always_advertise
    Type: boolean
    Default: true
    This option is available only when Exim is compiled with
    authentication support. Normally, if any server
    authentication mechanisms are configured, Exim advertises
    them in response to any EHLO command. ...
so before exim advertises that it's able to do the authentication
dialog, the compiled exim must have had certain flags set, which
the standard debian/woody exim does; then if the compile flags
have been set properly (we debian newbies need not worry about
the ragu -- "it's in there") you refer to ANY auth mechanism in
your exim.conf file, it'll "advertise" it:
    # exim -bh 192.168.1.2
    <snip>
    220 server ESMTP Exim 3.35 #1 Fri, 31 Jan 2003 12:24:32 -0600
    ehlo somewhere.there
    250-server Hello duo [192.168.1.2]
    250-SIZE
    250-PIPELINING
    250-AUTH BASIC LOGIN
    250 HELP
    quit
    221 server closing connection
(you can learn more about "exim -bh" and "exim -be" in section 5
of the manual.)
the line
    250-AUTH BASIC LOGIN
shows i've got two auth clauses in my exim.conf (one of which i'm
still working on), BASIC and LOGIN -- at the very bottom of the
exim.conf file:
    # seems to work:
    login:
      driver = plaintext
      public_name = LOGIN
      server_prompts = "Username:: : Password::"
      server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/exim/passwd}{$value}{*:*}}}}}{1}{0}}"
      server_set_id = $1

    # refuses to cooperate -- but i'll get it eventually:
    plain:
      driver = plaintext
      public_name = BASIC
      server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
      server_set_id = $2
if i comment those out in my exim.conf file, exim won't say
anything about authentication -- it'd all be unavailable
(non-configured) anyhow, right?
at least -- that's my setup, as i understand it, so far. today.
not applicable in all areas. offer valid for a limited time. some
restrictions apply. see store for details.
--
I use Debian/GNU Linux version 3.0;
Linux server 2.4.20-k6 #1 Mon Jan 13 23:49:14 EST 2003 i586 unknown
DEBIAN NEWBIE TIP #63 from Will Trillich <will@serensoft.com>:
What's the best way to GET RESPONSES ON DEBIAN-USER? There are
several things to keep in mind:
1) Debians are all volunteers because they enjoy what they
do; they don't owe you diddly (and you'll be one of us
when you start getting involved): ASK, and ye shall
receive; DEMAND, and ye shall be rebuffed
2) Provide evidence showing that you did put effort into
finding a solution to your problem (at least demonstrate
that you've seen the manual)
3) Be known to offer pointers and assistance to others
4) Give enough information so that someone else can figure
out what you're after; and make it legible
5) Enjoy yourself and have fun -- it'll come across, and we
enjoy people who enjoy life; a petulant whiner seldom
gets any useful pointers other than "Out, damn spot!"
Also see http://newbieDoc.sourceForge.net/ ...
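
Added example, not part of the original post: a Python check that reads an EHLO reply like the one in the "exim -bh" session above and reports which advertised AUTH mechanisms would carry passwords unencrypted. The function names and the extra_cleartext parameter are assumptions of this example; BASIC counts as cleartext only when passed in, because it is the post's own public_name for a plaintext driver.

```python
import re

# Mechanisms that put the password on the wire in reversible (base64) form.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

# EHLO reply copied from the "exim -bh" session in the post.
POST_REPLY = """250-server Hello duo [192.168.1.2]
250-SIZE
250-PIPELINING
250-AUTH BASIC LOGIN
250 HELP"""

# Constructed reply: the same server with both authenticators commented out.
NO_AUTH_REPLY = "250-server Hello duo [192.168.1.2]\n250-SIZE\n250-PIPELINING\n250 HELP"


def parse_ehlo(reply):
    """Return {KEYWORD: [PARAMS]} for the extension lines of a 250 EHLO reply."""
    extensions = {}
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match or match.group(1) != "250":
            raise ValueError("not a 250 EHLO reply line: %r" % line)
        text = match.group(3)
        if index > 0:  # line 0 is the greeting, not an extension
            if text.upper().startswith("AUTH="):  # legacy "AUTH=LOGIN" form
                text = "AUTH " + text[5:]
            words = text.upper().split()
            if words:
                extensions.setdefault(words[0], []).extend(words[1:])
        if match.group(2) == " ":  # "250 " (space) marks the final line
            break
    return extensions


def audit_auth(reply, tls_active=False, extra_cleartext=()):
    """Report advertised AUTH mechanisms and which expose passwords in clear."""
    ext = parse_ehlo(reply)
    mechs = ext.get("AUTH", [])
    cleartext = CLEARTEXT_MECHS | {m.upper() for m in extra_cleartext}
    exposed = [] if tls_active else [m for m in mechs if m in cleartext]
    return {"mechanisms": mechs, "starttls": "STARTTLS" in ext, "exposed": exposed}


if __name__ == "__main__":
    # BASIC is the post's own public_name for a plaintext driver, so pass it in.
    print(audit_auth(POST_REPLY, extra_cleartext=["BASIC"]))
    print(audit_auth(NO_AUTH_REPLY))
```

Set tls_active=True when the reply was captured inside an already encrypted session, where the same mechanisms are no longer exposed.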