
Exim-TLS - how to auth user?



Hello the list

I have a question regarding authenticating an SMTP request.

I have a user who would like to be able to use my Debian woody machine as a
general SMTP host while he is "on the road". He could be connecting via any
of a number of dial-up accounts, all with dynamic IP assignment, so I cannot
authenticate him via a simple IP address.

My MTA on this box is Exim, and after a little bit of reading around, I
decided what I needed to do was to use the SMTP-AUTH extension (as per RFC
2554), and to avoid sending passwords in the clear, to use the TLS version
of Exim.

So I `apt-get install exim-tls`, created myself a TLS certificate, and made
the necessary modifications to the exim.conf to switch on the SMTP-over-TLS
stuff. FYI the additional stuff I made to the exim.conf are:

   # Which hosts do we tell that we have STARTTLS available?
   tls_advertise_hosts = *

   # File locations
   tls_certificate = /etc/ssl/certs/exim.tls.crt
   tls_privatekey  = /etc/ssl/certs/exim.tls.key

   # insist that any client using auth starts a TLS session first
   auth_over_tls_hosts = *

So far so good, if I telnet to port 25 and issue an EHLO command, exim
replies that one of the functions supported is STARTTLS. But what I *don't*
seem to be able to do is get Exim to recognise any of the authentication
methods, it doesn't seem to have been compiled with either AUTH_PLAIN or
AUTH_CRAM-MD5 (or anything else).

If this is so, I'm still not really much better off. I can insist that my
roaming user connects via a secure method, but if I still have no way of
authenticating him then I still can't verify identity, and hence I'd still
have to leave my Exim in a basically open relay state (albeit one that will
require a secure connection).

Am I missing something, or has the Exim-TLS package been compiled without
any of the AUTH methods? Which seems rather odd to me.

Any help, tips, flames etc gratefully received.

Thanks!
-- 
Iain | PGP mail preferred: pubkey @ www.deepsea.f9.co.uk/misc/iain.asc
 ($=,$,)=split/"13\//,"13\"13\/tl.rnh  r   HITtahkPctacriAneeeusaoJ";;
 for(@==sort@$=split//,$,){$..=$$[$=];$$=$=[$=];$@=1;$@++while$=[--$=]
 eq$$&&$=>=$?;$==$?;for(@$){$@--if$$ eq$_;;last if!$@;$=++}}print$..$/
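The manual check described in the message above (issue EHLO, read which extensions come back) can be scripted. This is an added example, not part of the original post: the EHLO replies are constructed samples, and `parse_ehlo`, `assess` and the finding names are hypothetical.

```python
import re

# Constructed EHLO replies (not captured from the poster's server).
SAMPLE_TLS_ONLY = (
    "250-mail.example.org Hello client.example.net [192.0.2.10]\r\n"
    "250-SIZE\r\n"
    "250-PIPELINING\r\n"
    "250 STARTTLS\r\n"
)
SAMPLE_WITH_AUTH = (
    "250-mail.example.org Hello client.example.net [192.0.2.10]\r\n"
    "250-SIZE 52428800\r\n"
    "250-AUTH PLAIN CRAM-MD5\r\n"
    "250-AUTH=PLAIN CRAM-MD5\r\n"  # legacy spelling some servers also send
    "250 STARTTLS\r\n"
)

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is readable on the wire without TLS


def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    caps = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        sep, text = m.groups()
        # Only the final line uses "250 "; all earlier lines use "250-".
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        if i == 0:
            continue  # first line is the greeting, not an extension
        if text.upper().startswith("AUTH="):
            text = text.replace("=", " ", 1)
        keyword, *params = text.split()
        seen = caps.setdefault(keyword.upper(), [])
        seen.extend(p.upper() for p in params if p.upper() not in seen)
    return caps


def assess(caps, tls_active):
    """Return findings for one EHLO reply; tls_active says if STARTTLS was done."""
    findings = []
    mechs = caps.get("AUTH", [])
    if not mechs:
        findings.append("NO_AUTH")  # server offers no way to authenticate
    if not tls_active and "STARTTLS" not in caps:
        findings.append("NO_STARTTLS")
    if not tls_active and CLEARTEXT_MECHS.intersection(mechs):
        findings.append("CLEARTEXT_AUTH_BEFORE_TLS")
    return findings
```

`SAMPLE_TLS_ONLY` mirrors the situation in the message: STARTTLS is listed but no AUTH line, so the only finding is `NO_AUTH`.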



