Exim4: allow relaying for authenticated users (LDAP, PAM over TLS)


Frank Lin PIAT
Jan 9, 2011, 11:20:02 AM
Hello,

I want to allow my remote users to submit emails through SMTP
on port 587 (using TLS). Obviously I want to enforce authentication
for those mail submissions (my users are stored in LDAP, with password
as plain text, so both PAM and LDAP should be possible [?]).

Does anyone know a good howto? I am especially wondering how to
instruct Exim to use PAM/LDAP rather than the local /etc/exim4/passwd.

thanks

Franklin


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/d4361857e45ce32c419c...@ssl.klabs.be

Boyd Stephen Smith Jr.
Jan 9, 2011, 2:50:02 PM
In <d4361857e45ce32c419c...@ssl.klabs.be>, Frank Lin PIAT
wrote:

>I want to allow my remote users to submit emails through SMTP
>on port 587 (using TLS).

I do this with exim currently.

>Obviously I want to enforce authentication
>for those mail submissions

Of course, no reason to be an open relay.

>(my users are stored in LDAP, with password
>as plain text, so both PAM and LDAP should be possible [?]).

I've never tried to get exim to talk to LDAP at all. My exim uses PAM for
authentication, which may or may not be the best idea.

Here's how I got exim4 to talk to PAM:
0. Package: -heavy
1. Debconf: split configuration, internet site.
2. /etc/exim4/conf.d/auth/99_local-config_auth_login

   login_server:
     driver = plaintext
     public_name = LOGIN
     # LOGIN asks for the user name, then the password; Exim stores the
     # answers in $auth1 and $auth2. The doubled colons keep the colons
     # inside each prompt from being read as list separators.
     server_prompts = "Username:: : Password::"
     # pam{} splits its argument at the first colon, so colons in the
     # password are doubled before it is passed on.
     server_condition = ${if pam{$auth1:${sg{$auth2}{:}{::}}}}
     server_set_id = $auth1

3. /etc/exim4/conf.d/auth/99_local-config_auth_plain

   plain_server:
     driver = plaintext
     public_name = PLAIN
     # PLAIN hands over authorization id, user name and password in one
     # go; with an empty prompt they land in $auth1, $auth2 and $auth3
     # ($1, $2 and $3 in the older numbering).
     server_prompts = :
     # Same colon doubling as for LOGIN; without it a password that
     # contains a colon can never verify.
     server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}}
     server_set_id = $auth2


>Does anyone know a good howto? I am especially wondering how to
>instruct Exim to use PAM/LDAP rather than the local /etc/exim4/passwd.

My exim talks to PAM, but my PAM doesn't do any LDAP. /etc/pam.d/exim just
includes the common-{auth,account,session} files; those files just require
pam_unix.so.

I've not messed with LDAP at all, really.
--
Boyd Stephen Smith Jr.
b...@iguanasuicide.net
ICQ: 514984 YM/AIM: DaTwinkDaddy
http://iguanasuicide.net/
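Two pieces the authenticator snippets above leave out are what actually makes this a safe submission setup: only advertising AUTH once the session is under TLS, and the RCPT ACL clause that turns "authenticated" into "may relay". The fragment below is an added example, not Boyd's configuration and not Debian's packaged one; it is laid out in monolithic exim4.conf order (with the split layout each part goes into the matching conf.d/ subdirectory), and the list names, domain, certificate paths and the PAM service (/etc/pam.d/exim, with the -heavy daemon, as in the post) are assumptions.

```exim
# Added example (not Boyd's or Debian's own configuration).
# --- main section ---
domainlist local_domains = @ : example.org
# IPv6 addresses contain colons, so switch the list separator to ";".
hostlist  relay_from_hosts = <; 127.0.0.1 ; ::1
daemon_smtp_ports = 25 : 587
acl_smtp_rcpt = acl_check_rcpt
# Offer STARTTLS to every client; certificate paths are placeholders.
tls_advertise_hosts = *
tls_certificate = /etc/exim4/exim.crt
tls_privatekey  = /etc/exim4/exim.key

begin acl

acl_check_rcpt:
  # Local and trusted-network clients relay without authenticating.
  accept hosts = +relay_from_hosts
  # Anyone who passed SMTP AUTH may relay; "submission" makes Exim
  # behave as an MSA (adds missing Date:/Message-ID: and so on).
  accept authenticated = *
         control = submission
  # Everyone else may only deliver to the domains this host handles.
  accept domains = +local_domains
  deny   message = relay not permitted

begin authenticators

plain_pam_server:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # Advertise AUTH only once the session is encrypted, so the password
  # never crosses the wire in clear. Exim before 4.80 names this
  # variable $tls_cipher instead of $tls_in_cipher.
  server_advertise_condition = ${if def:tls_in_cipher}
  # pam{} splits at the first colon; double any colons in the password.
  server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}}
  server_set_id = $auth2
```

With AUTH gated on TLS, a client that sends AUTH on a cleartext session is answered with "503 AUTH command used when not advertised", and an unauthenticated RCPT for a foreign domain falls through to the final deny, which is the behaviour to check with a manual session on port 587 before and after STARTTLS.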


Andrew Reid
Jan 9, 2011, 3:10:02 PM
On Sunday 09 January 2011 11:15:25 Frank Lin PIAT wrote:
>
> Does anyone know a good howto? I am especially wondering how to
> instruct Exim to use PAM/LDAP rather than the local /etc/exim4/passwd.

It has been a long time since I did this, but my recollection
is that Exim is one of those sensible applications that actually
uses the system "getent" calls to figure out users and so forth,
so as long as your /etc/nsswitch.conf file is set up to
use LDAP, Exim will automatically and seamlessly get it right.

PAM doesn't enter into it.

-- A.
--
Andrew Reid / rei...@bellatlantic.net


Archive: http://lists.debian.org/201101091409...@bellatlantic.net

William Cooper
Jan 9, 2011, 4:00:02 PM

On 9 January 2011 12:15, Frank Lin PIAT <fp...@klabs.be> wrote:
> Hello,
>
> I want to allow my remote users to submit emails through SMTP
> on port 587 (using TLS). Obviously I want to enforce authentication
> for those mail submissions (my users are stored in LDAP, with password
> as plain text, so both PAM and LDAP should be possible [?]).
>
> Does anyone know a good howto? I am especially wondering how to
> instruct Exim to use PAM/LDAP rather than the local /etc/exim4/passwd.
>
> thanks
>
> Franklin


This is what we do to authenticate against LDAP; the LDAP server and exim are on the same machine, and no encryption is used. Everything is Debian 5.0.7.

plain:

        driver = plaintext
        public_name = PLAIN
        server_debug_print = "EXIM PLAIN auth"
        # Find the user's DN by uid, then bind as that DN with the supplied
        # password. quote_ldap escapes the login name inside the search
        # filter, so filter metacharacters in $auth2 cannot alter the query;
        # an unknown uid forces the expansion to fail instead of handing
        # ldapauth an empty DN to bind with.
        server_condition = ${if ldapauth \
                {user=${quote:${lookup ldapdn \
                        {ldap://localhost/ou=people,dc=myorg,dc=org??sub?(uid=${quote_ldap:$auth2})} \
                        {$value}fail}} \
                pass=${quote:$auth3} \
                ldap://localhost/}}
        server_set_id = $auth2

Hope that helps
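When every account sits at a predictable DN, the search-then-bind above can be replaced by a direct bind as the user's own entry, which is the form the Exim specification documents; the fragment below is an added example of that, not William's configuration and not the Exim project's own, and it also puts the Exim-to-LDAP connection under TLS, which starts to matter the moment the directory is no longer on the same host. Assumed: accounts live under ou=people,dc=myorg,dc=org with a uid attribute equal to the login name (as in the post); the LDAP host name and CA bundle path are placeholders.

```exim
# Added example (not William's or the Exim project's configuration).
# --- main section ---
# A URL with no host (ldap:///) uses this server. STARTTLS with
# certificate verification keeps the users' passwords off the wire
# once the directory moves to another box.
ldap_default_servers = ldap.example.org
ldap_start_tls = true
ldap_require_cert = demand
ldap_ca_cert_file = /etc/ssl/certs/ca-certificates.crt

begin authenticators

plain_ldap_server:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # Only hand out credentials over a TLS-protected SMTP session.
  server_advertise_condition = ${if def:tls_in_cipher}
  # Bind as the user's own entry instead of searching first.
  # quote_ldap_dn escapes the login name as a DN component, so it cannot
  # change which entry is bound; quote: keeps the password intact inside
  # the "user=... pass=... URL" string that ldapauth parses. A bind that
  # the directory refuses fails the condition, and so the authentication.
  server_condition = ${if ldapauth \
    {user="uid=${quote_ldap_dn:$auth2},ou=people,dc=myorg,dc=org" \
     pass=${quote:$auth3} \
     ldap:///}}
  server_set_id = $auth2
```

The two quoting operators are not interchangeable: quote_ldap_dn escapes the characters that are special inside a distinguished name, while quote_ldap escapes those that are special inside a search filter, so the direct-bind form needs the former and the search form the latter.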