From owner-freebsd-questions@freebsd.org Thu Jan 25 17:23:54 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 81406EC1006 for ; Thu, 25 Jan 2018 17:23:54 +0000 (UTC) (envelope-from frank2@fjl.co.uk) Received: from bs1.fjl.org.uk (bs1.fjl.org.uk [84.45.41.196]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "bs1.fjl.org.uk", Issuer "bs1.fjl.org.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 14E4987D10 for ; Thu, 25 Jan 2018 17:23:53 +0000 (UTC) (envelope-from frank2@fjl.co.uk) Received: from roundcube.fjl.org.uk (localhost [127.0.0.1]) by bs1.fjl.org.uk (8.14.4/8.14.4) with ESMTP id w0PHNobJ001447 for ; Thu, 25 Jan 2018 17:23:50 GMT (envelope-from frank2@fjl.co.uk) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 25 Jan 2018 17:23:50 +0000 From: Frank Leonhardt To: freebsd-questions@freebsd.org Subject: Re: Exim authentication under FreeBSD Organization: FJL Microsystems In-Reply-To: References: <20180125141451.GB919@lena.kiev> <525396fb1902007fb9d1733b1afd441c@roundcube.fjl.org.uk> Message-ID: <1d04cf39c6f6c55dd878ed002d449d7f@roundcube.fjl.org.uk> X-Sender: frank2@fjl.co.uk User-Agent: Roundcube Webmail/0.9.2 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jan 2018 17:23:54 -0000 On 2018-01-25 15:28, Vincent Hoffman-Kazlauskas wrote: > On 25/01/2018 14:32, Frank Leonhardt wrote: >> On 2018-01-25 14:14, Lena@lena.kiev.ua wrote: >>>> From: Frank Leonhardt >>>> >>>> How do people do outgoing SMTP user-account authentication using >>>> Exim? >>>> >>>> I'm talking about traditional user accounts (/etc/passwd) here, not >>>> glorious LDAP or SQL database virtual users. If you've not come >>>> across >>>> this little problem-ette, Exim does not ever run as root and >>>> therefore >>>> can't check /etc/master.passwd like sendmail/saslauthd can. >>> >>> I run a POP3 server (port mail/popa3d) on the same machine >>> and use obsolete removed port security/pam_pop3 with Exim's >>> server_condition = ${if pam{ >>> and /etc/pam.d/exim : >>> >>> auth required /usr/local/lib/pam_pop3.so hostname=localhost info >>> pwprompt=Password: timeout=5 >>> account required pam_permit.so >> >> Thanks. This exact method is actually in the Exim documentation, but >> as >> you state, the port no longer exists. > > I dont use exim on freebsd but > https://github.com/Exim/exim/wiki/AuthenticatedSmtpUsingSaslauthd > suggests you could use it with cyrus-sasl-authd which is an option in > the port has that as an option in "make config" but not selected by > default. > Another option the port has is dovecot auth if you run dovecot > imap/pop3 > https://wiki.dovecot.org/HowTo/EximAndDovecotSASL > I use the dovecot sasl with postfix happily, but as I said I've not > tried exim. Thanks. It's not the same on FreeBSD but it is possible to get it working with a bit of fiddling (i.e. add the third parameter which it will use to select the appropriate PAM module from /etc/pam.d/xxxx). There used to be a system called pwcheck but this is now deprecated by Exim; hence the question - what are other people doing? You can, theoretically, have Dovecot authenticate it (according to the Dovecot documentation). That's fine if you're running a IMAP/POP3 server on the same box. Regards, Frank.