Date: Thu, 25 Jan 2018 17:23:50 +0000 From: Frank Leonhardt <frank2@fjl.co.uk> To: freebsd-questions@freebsd.org Subject: Re: Exim authentication under FreeBSD Message-ID: <1d04cf39c6f6c55dd878ed002d449d7f@roundcube.fjl.org.uk> In-Reply-To: <b51c9def-73dd-9369-9dd7-775168a39507@unsane.co.uk> References: <mailman.110.1516881602.62670.freebsd-questions@freebsd.org> <20180125141451.GB919@lena.kiev> <525396fb1902007fb9d1733b1afd441c@roundcube.fjl.org.uk> <b51c9def-73dd-9369-9dd7-775168a39507@unsane.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2018-01-25 15:28, Vincent Hoffman-Kazlauskas wrote:
> On 25/01/2018 14:32, Frank Leonhardt wrote:
>> On 2018-01-25 14:14, Lena@lena.kiev.ua wrote:
>>>> From: Frank Leonhardt <frank2@fjl.co.uk>
>>>>
>>>> How do people do outgoing SMTP user-account authentication using
>>>> Exim?
>>>>
>>>> I'm talking about traditional user accounts (/etc/passwd) here, not
>>>> glorious LDAP or SQL database virtual users. If you've not come
>>>> across
>>>> this little problem-ette, Exim does not ever run as root and
>>>> therefore
>>>> can't check /etc/master.passwd like sendmail/saslauthd can.
>>>
>>> I run a POP3 server (port mail/popa3d) on the same machine
>>> and use obsolete removed port security/pam_pop3 with Exim's
>>> server_condition = ${if pam{
>>> and /etc/pam.d/exim :
>>>
>>> auth required /usr/local/lib/pam_pop3.so hostname=localhost info
>>> pwprompt=Password: timeout=5
>>> account required pam_permit.so
>>
>> Thanks. This exact method is actually in the Exim documentation, but
>> as
>> you state, the port no longer exists.
>
> I dont use exim on freebsd but
> https://github.com/Exim/exim/wiki/AuthenticatedSmtpUsingSaslauthd
> suggests you could use it with cyrus-sasl-authd which is an option in
> the port has that as an option in "make config" but not selected by
> default.
> Another option the port has is dovecot auth if you run dovecot
> imap/pop3
> https://wiki.dovecot.org/HowTo/EximAndDovecotSASL
> I use the dovecot sasl with postfix happily, but as I said I've not
> tried exim.
Thanks. It's not the same on FreeBSD but it is possible to get it
working with a bit of fiddling (i.e. add the third parameter which it
will use to select the appropriate PAM module from /etc/pam.d/xxxx).
There used to be a system called pwcheck but this is now deprecated by
Exim; hence the question - what are other people doing?
You can, theoretically, have Dovecot authenticate it (according to the
Dovecot documentation). That's fine if you're running a IMAP/POP3 server
on the same box.
Regards, Frank.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1d04cf39c6f6c55dd878ed002d449d7f>