Wiki

User Tools

Site Tools

Trace: enable_smtp-auth_for_pine test_exim4_authenticators access_control_lists_acls enable_smtp-auth_with_pam
exim4:enable_smtp-auth

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
exim4:enable_smtp-auth [2016/11/06 19:36] – created peterexim4:enable_smtp-auth [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Exim4 - Enable SMTP-Auth ====== ====== Exim4 - Enable SMTP-Auth ======
  
-Within the /etc/exim4 directory run:+===== Generate an Exim SSL certificate ===== 
 + 
 +Exim provides a script for this.  Either run: 
 + 
 +<code bash> 
 +/usr/share/doc/exim4-base/examples/exim-gencert 
 +</code> 
 + 
 +or create a certificate manually.  Within the /etc/exim4 directory run:
  
 <code bash> <code bash>
Line 31: Line 39:
 </code> </code>
  
 +This will create an **exim.key** and **exim.crt** file in /etc/exim.
 +
 +
 +===== Enable the basic SMTP-Auth in the Exim config file =====
 +
 +Uncomment the following lines.  TODO dont do this but do the next step on sasl.
 +
 +<file bash /etc/exim4/exim4.conf.template>
 +# plain_server:
 +#   driver = plaintext
 +#   public_name = PLAIN
 +#   server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CON$
 +#   server_set_id = $2
 +#   server_prompts = :
 +#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
 +#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
 +#   .endif
 +</file>
 +
 +and
 +
 +<file bash /etc/exim4/exim4.conf.template>
 +login_server:
 +  driver = plaintext
 +  public_name = LOGIN
 +  server_prompts = "Username:: : Password::"
 +  server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
 +  server_set_id = $auth1
 +  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
 +  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
 +  .endif
 +</file>  
 +
 +
 +
 +===== saslauthd Authentication =====
 +
 +You need to configure Exim4 to use the saslauthd for authentication.  Edit /etc/exim4/conf.d/auth/30_exim4-config_examples and uncomment the plain_saslauthd_server and login_saslauthd_server sections:
 +
 +<file bash /etc/exim4/exim4.conf.template>
 + plain_saslauthd_server:
 +   driver = plaintext
 +   public_name = PLAIN
 +   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
 +   server_set_id = $auth2
 +   server_prompts = :
 +   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
 +   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
 +   .endif
 +#
 + login_saslauthd_server:
 +   driver = plaintext
 +   public_name = LOGIN
 +   server_prompts = "Username:: : Password::"
 +   # don't send system passwords over unencrypted connections
 +   server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
 +   server_set_id = $auth1
 +   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
 +   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
 +   .endif
 +</file>
 +
 +
 +===== Configuring SASL =====
 +
 +This section provides details on configuring the saslauthd to provide authentication for Exim4.
 +
 +Install the sasl2-bin package.
 +
 +<code bash>
 +apt-get install sasl2-bin
 +</code>
 +
 +To configure saslauthd edit the /etc/default/saslauthd configuration file and set START=no to:
 +
 +<file bash /etc/default/saslauthd>
 +START=yes
 +</file>
 +
 +Next the Debian-exim user needs to be part of the sasl group in order for Exim4 to use the saslauthd service:
 +
 +<code bash>
 +sudo adduser Debian-exim sasl
 +</code>
 +
 +Now start the saslauthd service:
 +
 +<code bash>
 +sudo /etc/init.d/saslauthd start
 +</code>
 +
 +Exim4 is now configured with SMTP AUTH using TLS and SASL authentication.
 +
 +
 +===== Enable TLS =====
 +
 +Create (or edit if it exists) /etc/exim4/exim4.conf.localmacros
 +
 +Add the line:
 +
 +<file bash /etc/exim4/exim4.conf.localmacros>
 +MAIN_TLS_ENABLE = true
 +</file>
 +
 +
 +===== Setup the users and passwords =====
 +
 +Users and their passwords are held within the **/etc/exim4/passwd** file in the following format:
 +
 +<code>
 +:$Username:$password:
 +</code>
 +
 +
 +Create **/etc/exim4/passwd** if it does not exist.  
 +
 +Copy output from:
 +
 +<code bash>
 +htpasswd -nd usernameforsmtp
 +</code>
 +
 +or
 +
 +<code bash>
 +mkpasswd -H md5
 +</code>
 +
 +and paste it in /etc/exim4/passwd
 +
 +Repeat for any other logins you'd like to add.
 +
 +
 +==== Set the permissions and ownership ====
 +
 +This file should have permissions set to 640 and have ownership of root:Debian-exim.
 +
 +<code bash>
 +chmod 640 /etc/exim4/passwd
 +Chown root:Debian-exim /etc/exim4/passwd
 +</code>
 +
 +
 +===== Update your configuration and Restart Exim4 =====
 +
 +<code bash>
 +update-exim4.conf
 +/etc/init.d/exim4 restart
 +</code>
 +
 +
 +===== An SMTP AUTH session =====
 +
 +<code bash>
 +220-mail.xxxxxxxx.com ESMTP Exim 4.34 #1 Wed, 23 Jun 2004 17:35:13 -0700 
 +EHLO mail.myserver.com
 +250-mail.xxxxxxxx.com Hello mail.myserver.com [192.168.0.156]
 +250-SIZE 52428800
 +250-PIPELINING
 +250-AUTH PLAIN LOGIN
 +250-STARTTLS
 +250 HELP
 +AUTH LOGIN
 +334 VXNlcm5hbWU6
 +bXl1c2VybmFtZQ==
 +334 UGFzc3dvcmQ6
 +bXlwYXNzd29yZA==
 +235 Authentication succeeded
 +</code>
 +
 +===== References =====
 +
 +/usr/share/share/exim/README.Debian.gz
 +
 +https://help.ubuntu.com/community/Exim4
 +
 +https://debian-administration.org/article/280/HowTo_Setup_Basic_SMTP_AUTH_in_Exim4
exim4/enable_smtp-auth.1478461014.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki