-
Notifications
You must be signed in to change notification settings - Fork 178
Q0730
How can I use the same passwords for SMTP authentication as I use for Courier IMAP access to my server?
You can access the Courier authdaemon from an Exim authenticator. You must arrange for the Exim user (often exim but sometimes mail) to be able to access the authdaemon socket (e.g. /var/run/courier/authdaemon/socket or /var/run/authdaemon.courier-imap/socket). The configuration is something of a hack, but it is reported to work.
begin authenticators
AUTHDAEMON_SOCKET = /path/to/authdaemon/socket
# LOGIN authenticator
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${extract {address} {${readsocket{AUTHDAEMON_SOCKET} \
{AUTH ${strlen:exim\nlogin\n$1\n$2\n}\nexim\nlogin\n$1\n$2\n} }} {yes} fail}
server_set_id = $1
# PLAIN authenticator
plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = ${extract {address} {${readsocket{AUTHDAEMON_SOCKET} \
{AUTH ${strlen:exim\nlogin\n$2\n$3\n}\nexim\nlogin\n$2\n$3\n} }} {yes} fail}
server_set_id = $2
Don't set a macro AUTH in your configuration, otherwise this will not work!
You can also use CRAM authenticators (CRAM-SHA1 is hardly used by any mail client, but CRAM-MD5 is used by some). Note that you need at least Exim 4.43 for that. Passwords in Courier's userdb are stored CRYPTed by default, which cannot be used for CRAM, so you have to add the password in addition:
# userdbpw -hmac-md5 | userdb $user-login set hmac-md5pw
(password dialog...)
# makeuserdb
In Exim's main configuration:
acl_smtp_auth = acl_check_auth
In the ACL section:
acl_check_auth:
accept set acl_c0 = <$pid.$tod_epoch@$primary_hostname>
In the authenticator section:
# CRAM-MD5, RFC2195
cram_md5:
driver = plaintext
public_name = CRAM-MD5
server_prompts = $acl_c0
server_set_id = ${sg {${extract {1}{ }{$1} }} {[^a-zA-Z0-9.-_]} {?}}
server_condition = ${if eq \
{${extract {address} \
{${readsocket{AUTHDAEMON_SOCKET} \
{AUTH ${strlen:exim\ncram-md5\n${str2b64:$acl_c0}\n${str2b64:$1}\n}\nexim\ncram-md5\n${str2b
64:$acl_c0}\n${str2b64:$1}\n} \
}} \
{$value} fail}} \
{${extract {1}{ }{$1} }} \
{yes}}
Change every occurrence of "md5" to "sha1" to have a CRAM-SHA1 authenticator. Current builds of Courier also support CRAM-SHA256 (after a security flaw was detected in SHA1, though it is more theoretically), so you could even add CRAM-SHA256.
- How do I block unwanted messages from outside my host?
- I don't want to block spam entirely; how can I inspect each message
- How can I test that my spam blocks are working?
- How can I test that Exim is correctly configured to use a DNS black list
- How can I use tcpwrappers in conjunction with Exim?
- How can I get POP-auth-before-relay (aka POP-before-SMTP) support in
- I have one or two cases where my host correctly rejects messages, but
- How can I run customized verification checks on incoming addresses?
- Does Exim apply RBL checks to error messages, those with an envelope
- I want to reject certain sender-recipient combinations, with a specific
- Will Exim allow me to create a file of regexs and match incoming
- I've hacked sendmail to make an ioctl call at the time of the SMTP RCPT
- I'd like to pass all messages through a virus-scanning system before
- Is there a way to configure Exim to reject mail to a certain local host?
- How can I get Exim to remove attachments from messages?
- How can I arrange for each user to have a file listing the only sender
- When using Nessus on a system that runs Exim, a number of security
- Could anyone points me to right rules to prevent sending/receiving
- I would like to have a per-user limit for the maximum size of messages
- I set
accept hosts=192.168.122.96/32in order to accept mail for - I have POP-before-SMTP set up on my Exim server, but some clients use
- I installed Amavis and it is working, but bounces are simply vanishing.
- I can't get Pine to work with PLAIN authentication; Exim keeps
- I have used
:fail:in some aliases; when one of these addresses is refused, I see the message on the log, but the response to the remote user is unknown user > instead of the message from the alias file. How can I change this? - I've set up some specific rejection messages for certain recipients, but
- My SMTP authentication can be bypassed by sending an unknown user name
- When a message has many recipients, how can I stop SpamAssassin_ from
- How do I use Exiscan, SA-Exim, SpamAssassin_, Clam Antivirus, Sophos
- How can I screen out addresses that are neither valid usernames or
- How can I use the same passwords for SMTP authentication as I use for
- Is there any defence I can use against spam sent through an open proxy?
- I would like to either warn or deny when a host uses an underscore in
- Is there any way to tell Exim not to lookup the IP address against any
- How do MailScanner_ and Exiscan compare? What are the pros and cons?
- How can I block non-FQDNs in HELO/EHLOs?
- Is it possible to tell exim to drop the connection after a server
- Is there some way to tell Exim not to consider 127.0.0.1 as a valid MX?
- How can I configure Exim to delay the SMTP connection if more than 10
- Does Exim support SPF?
- How can I change the MAIL FROM address that is used for callouts?
- How can I get Outlook Express to use TLS when authenticating?
- How do I stop Exim being an open relay?
- What should I put in my acl_smtp_rcpt?
- I've got a queue full of "bounce" messages. How do I get rid of them?