Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: users

authentication problem with client (webmail)

  

 
exim users RSS feed   Index | Next | Previous | View Threaded


v.augustin at multiartstudio

May 3, 2002, 4:31 AM

Post #1 of 2 (204 views)
Permalink
authentication problem with client (webmail)
hi,

can anybody help me setting up my exim 4 with authentication...

i got it working, now i need authentication with netscape, never tested
with outlook, coming soon...

but, if i use my squirrelmail webmail interface, its still sending mail
over sendmail (symbolic link to exim-binary) without yuthentication,
...spammers do so too, and i can see in my logfiles that remote servers
talking to my host as it is an open relay.

how can i stop relaying and make authentication work with
squirrel-webmail?

i must be compatible to dial-up users, but i think i could verify the
senders_helo_name against the list of hosted domains in a database
(exim4 works fine with postgres 7.1)

so can anybody help me setting up my acl's or auths?

here is what my config says:
i added:

auth_advertise_hosts = *

to the main-section

and:
######ACL#######
begin acl

acl_check_rcpt:

accept hosts = :
deny local_parts = ^.*[@%!/|]
require condition = "${if and { \
{!eq{$sender_helo_name}{}} \
{!eq{$domain}{}} \
{eq{$sender_helo_name}{${lookup pgsql{SELECT
domain FROM domain WHERE domain='$sender_helo_name' limit
1}{$value}fail}}} \
} {yes}{no}}"

accept local_parts = postmaster
domains = +local_domains
require verify = sender


accept domains = +local_domains
endpass
message = unknown user
verify = sender : recipient
require condition = "${if and { \
{!eq{$sender_helo_name}{}} \
{!eq{$domain}{}} \
{eq{$sender_helo_name}{${lookup pgsql{SELECT
domain FROM domain WHERE domain='$sender_helo_name' limit
1}{$value}fail}}} \
} {yes}{no}}"



accept domains = +relay_to_domains
require condition = "${if and { \
{!eq{$sender_helo_name}{}} \
{!eq{$domain}{}} \
{eq{$sender_helo_name}{${lookup pgsql{SELECT
domain FROM domain WHERE domain='$sender_helo_name' limit
1}{$value}fail}}} \
} {yes}{no}}"
message = unrouteable address
verify = recipient : sender


accept authenticated = *

possible :((
accept hosts = +relay_from_hosts
deny message = relay not permitted





###authenticators
###works fine but not for webmail :((

db_plain_auth:
driver = plaintext
public_name = PLAIN
client_send = \
"^username^password"

server_condition = "${if and { \
{!eq{$2}{}} \
{!eq{$3}{}} \
{eq{$3}{${lookup pgsql{SELECT passwd FROM
account WHERE account='$2' limit 1}{$value}fail}}} \
} {yes}{no}}"


djc at microwave

May 3, 2002, 1:43 PM

Post #2 of 2 (188 views)
Permalink
Re: authentication problem with client (webmail) [In reply to]
On Fri, 3 May 2002, volker wrote:

> hi,
>
> can anybody help me setting up my exim 4 with authentication...
>
> i got it working, now i need authentication with netscape, never tested
> with outlook, coming soon...
>
> but, if i use my squirrelmail webmail interface, its still sending mail
> over sendmail (symbolic link to exim-binary) without yuthentication,
> ...spammers do so too, and i can see in my logfiles that remote servers
> talking to my host as it is an open relay.


Authentication only applies to outside hosts connecting via SMTP, and
will not apply to your webmail program if it is calling sendmail
locally....


>
> how can i stop relaying and make authentication work with
> squirrel-webmail?
>
> i must be compatible to dial-up users, but i think i could verify the
> senders_helo_name against the list of hosted domains in a database
> (exim4 works fine with postgres 7.1)
>
> so can anybody help me setting up my acl's or auths?
>
> here is what my config says:
> i added:
>
> auth_advertise_hosts = *
>
> to the main-section
>
> and:
> ######ACL#######
> begin acl
>
> acl_check_rcpt:
>
> accept hosts = :
> deny local_parts = ^.*[@%!/|]
> require condition = "${if and { \
> {!eq{$sender_helo_name}{}} \
> {!eq{$domain}{}} \
> {eq{$sender_helo_name}{${lookup pgsql{SELECT
> domain FROM domain WHERE domain='$sender_helo_name' limit
> 1}{$value}fail}}} \
> } {yes}{no}}"
>
> accept local_parts = postmaster
> domains = +local_domains
> require verify = sender
>
>
> accept domains = +local_domains
> endpass
> message = unknown user
> verify = sender : recipient
> require condition = "${if and { \
> {!eq{$sender_helo_name}{}} \
> {!eq{$domain}{}} \
> {eq{$sender_helo_name}{${lookup pgsql{SELECT
> domain FROM domain WHERE domain='$sender_helo_name' limit
> 1}{$value}fail}}} \
> } {yes}{no}}"
>
>
>
> accept domains = +relay_to_domains
> require condition = "${if and { \
> {!eq{$sender_helo_name}{}} \
> {!eq{$domain}{}} \
> {eq{$sender_helo_name}{${lookup pgsql{SELECT
> domain FROM domain WHERE domain='$sender_helo_name' limit
> 1}{$value}fail}}} \
> } {yes}{no}}"
> message = unrouteable address
> verify = recipient : sender
>
>
> accept authenticated = *
>
> possible :((
> accept hosts = +relay_from_hosts
> deny message = relay not permitted
>
>
>
>
>
> ###authenticators
> ###works fine but not for webmail :((
>
> db_plain_auth:
> driver = plaintext
> public_name = PLAIN
> client_send = \
> "^username^password"
>
> server_condition = "${if and { \
> {!eq{$2}{}} \
> {!eq{$3}{}} \
> {eq{$3}{${lookup pgsql{SELECT passwd FROM
> account WHERE account='$2' limit 1}{$value}fail}}} \
> } {yes}{no}}"
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>


--

exim users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.