Differences

This shows you the differences between two versions of the page.

--- exim4:enable_smtp-auth [2016/11/07 11:07] – peter
+++ exim4:enable_smtp-auth [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 38: / Line 38: @@
 Email Address []:admin@sharewiz.net
 </code>
+This will create an **exim.key** and **exim.crt** file in /etc/exim.
 ===== Enable the basic SMTP-Auth in the Exim config file =====
-Uncomment the following lines.
+Uncomment the following lines.  TODO dont do this but do the next step on sasl.
 <file bash /etc/exim4/exim4.conf.template>
@@ Line 55: / Line 57: @@
 #   .endif
 </file>
+and
+<file bash /etc/exim4/exim4.conf.template>
+login_server:
+  driver = plaintext
+  public_name = LOGIN
+  server_prompts = "Username:: : Password::"
+  server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
+  server_set_id = $auth1
+  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
+  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+  .endif
+</file>
+===== saslauthd Authentication =====
+You need to configure Exim4 to use the saslauthd for authentication.  Edit /etc/exim4/conf.d/auth/30_exim4-config_examples and uncomment the plain_saslauthd_server and login_saslauthd_server sections:
+<file bash /etc/exim4/exim4.conf.template>
+ plain_saslauthd_server:
+   driver = plaintext
+   public_name = PLAIN
+   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
+   server_set_id = $auth2
+   server_prompts = :
+   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
+   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+   .endif
+#
+ login_saslauthd_server:
+   driver = plaintext
+   public_name = LOGIN
+   server_prompts = "Username:: : Password::"
+   # don't send system passwords over unencrypted connections
+   server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
+   server_set_id = $auth1
+   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
+   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+   .endif
+</file>
+===== Configuring SASL =====
+This section provides details on configuring the saslauthd to provide authentication for Exim4.
+Install the sasl2-bin package.
+<code bash>
+apt-get install sasl2-bin
+</code>
+To configure saslauthd edit the /etc/default/saslauthd configuration file and set START=no to:
+<file bash /etc/default/saslauthd>
+START=yes
+</file>
+Next the Debian-exim user needs to be part of the sasl group in order for Exim4 to use the saslauthd service:
+<code bash>
+sudo adduser Debian-exim sasl
+</code>
+Now start the saslauthd service:
+<code bash>
+sudo /etc/init.d/saslauthd start
+</code>
+Exim4 is now configured with SMTP AUTH using TLS and SASL authentication.
@@ Line 70: / Line 146: @@
 ===== Setup the users and passwords =====
-Create /etc/exim4/passwd
+Users and their passwords are held within the **/etc/exim4/passwd** file in the following format:
+<code>
+:$Username:$password:
+</code>
+Create **/etc/exim4/passwd** if it does not exist.
 Copy output from:
@@ Line 78: / Line 161: @@
 </code>
-And paste it in /etc/exim4/passwd
+or
+<code bash>
+mkpasswd -H md5
+</code>
+and paste it in /etc/exim4/passwd
 Repeat for any other logins you'd like to add.
+==== Set the permissions and ownership ====
+This file should have permissions set to 640 and have ownership of root:Debian-exim.
+<code bash>
+chmod 640 /etc/exim4/passwd
+Chown root:Debian-exim /etc/exim4/passwd
+</code>
@@ Line 91: / Line 190: @@
+===== An SMTP AUTH session =====
+<code bash>
+-mail.xxxxxxxx.com ESMTP Exim 4.34 #1 Wed, 23 Jun 2004 17:35:13 -0700
+EHLO mail.myserver.com
+-mail.xxxxxxxx.com Hello mail.myserver.com [192.168.0.156]
+-SIZE 52428800
+-PIPELINING
+-AUTH PLAIN LOGIN
+-STARTTLS
+HELP
+AUTH LOGIN
+VXNlcm5hbWU6
+bXl1c2VybmFtZQ==
+UGFzc3dvcmQ6
+bXlwYXNzd29yZA==
+Authentication succeeded
+</code>
+===== References =====
+/usr/share/share/exim/README.Debian.gz
+https://help.ubuntu.com/community/Exim4
+https://debian-administration.org/article/280/HowTo_Setup_Basic_SMTP_AUTH_in_Exim4