Date: Thu, 25 Jan 2018 20:46:54 +0300 From: Odhiambo Washington <odhiambo@gmail.com> To: Frank Leonhardt <frank2@fjl.co.uk> Cc: User Questions <freebsd-questions@freebsd.org> Subject: Re: Exim authentication under FreeBSD Message-ID: <CAAdA2WOMKgbXiGMc9D2FTWh3AguUm0C0mK%2BxxTFiNP4itsjS6A@mail.gmail.com> In-Reply-To: <1d04cf39c6f6c55dd878ed002d449d7f@roundcube.fjl.org.uk> References: <mailman.110.1516881602.62670.freebsd-questions@freebsd.org> <20180125141451.GB919@lena.kiev> <525396fb1902007fb9d1733b1afd441c@roundcube.fjl.org.uk> <b51c9def-73dd-9369-9dd7-775168a39507@unsane.co.uk> <1d04cf39c6f6c55dd878ed002d449d7f@roundcube.fjl.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25 January 2018 at 20:23, Frank Leonhardt <frank2@fjl.co.uk> wrote:
> On 2018-01-25 15:28, Vincent Hoffman-Kazlauskas wrote:
>
>> On 25/01/2018 14:32, Frank Leonhardt wrote:
>>
>>> On 2018-01-25 14:14, Lena@lena.kiev.ua wrote:
>>>
>>>> From: Frank Leonhardt <frank2@fjl.co.uk>
>>>>>
>>>>> How do people do outgoing SMTP user-account authentication using Exim?
>>>>>
>>>>> I'm talking about traditional user accounts (/etc/passwd) here, not
>>>>> glorious LDAP or SQL database virtual users. If you've not come across
>>>>> this little problem-ette, Exim does not ever run as root and therefore
>>>>> can't check /etc/master.passwd like sendmail/saslauthd can.
>>>>>
>>>>
>>>> I run a POP3 server (port mail/popa3d) on the same machine
>>>> and use obsolete removed port security/pam_pop3 with Exim's
>>>> server_condition = ${if pam{
>>>> and /etc/pam.d/exim :
>>>>
>>>> auth required /usr/local/lib/pam_pop3.so hostname=localhost info
>>>> pwprompt=Password: timeout=5
>>>> account required pam_permit.so
>>>>
>>>
>>> Thanks. This exact method is actually in the Exim documentation, but as
>>> you state, the port no longer exists.
>>>
>>
>> I dont use exim on freebsd but
>> https://github.com/Exim/exim/wiki/AuthenticatedSmtpUsingSaslauthd
>> suggests you could use it with cyrus-sasl-authd which is an option in
>> the port has that as an option in "make config" but not selected by
>> default.
>> Another option the port has is dovecot auth if you run dovecot imap/pop3
>> https://wiki.dovecot.org/HowTo/EximAndDovecotSASL
>> I use the dovecot sasl with postfix happily, but as I said I've not
>> tried exim.
>>
>
> Thanks. It's not the same on FreeBSD but it is possible to get it working
> with a bit of fiddling (i.e. add the third parameter which it will use to
> select the appropriate PAM module from /etc/pam.d/xxxx).
>
> There used to be a system called pwcheck but this is now deprecated by
> Exim; hence the question - what are other people doing?
>
> You can, theoretically, have Dovecot authenticate it (according to the
> Dovecot documentation). That's fine if you're running a IMAP/POP3 server on
> the same box.
>
>
> Regards, Frank.
>
>
If you are not running an IMAP4/POP3 on the server, I still think it's
trivial to generate a username:password pair from /etc/master.passwd and
create a file that is only readable by the Exim user and use that for auth
using a lookup passwd method. I remember doing that many years ago.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAdA2WOMKgbXiGMc9D2FTWh3AguUm0C0mK%2BxxTFiNP4itsjS6A>