summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--conf.d/070_authenticators.conf32
-rw-r--r--exim.conf3
2 files changed, 27 insertions, 8 deletions
diff --git a/conf.d/070_authenticators.conf b/conf.d/070_authenticators.conf
index 93a6ce2..f64796b 100644
--- a/conf.d/070_authenticators.conf
+++ b/conf.d/070_authenticators.conf
@@ -19,12 +19,6 @@
19 19
20begin authenticators 20begin authenticators
21 21
22.ifdef USERLIST
23AUTH_CHECK = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{USERLIST}}} {yes}{no}}
24.else
25AUTH_CHECK = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}}
26.endif
27
28# PLAIN authentication has no server prompts. The client sends its 22# PLAIN authentication has no server prompts. The client sends its
29# credentials in one lump, containing an authorization ID (which we do not 23# credentials in one lump, containing an authorization ID (which we do not
30# use), an authentication ID, and a password. The latter two appear as 24# use), an authentication ID, and a password. The latter two appear as
@@ -33,13 +27,35 @@ AUTH_CHECK = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}}
33# use $auth2 as a lookup key, and compare $auth3 against the result of the 27# use $auth2 as a lookup key, and compare $auth3 against the result of the
34# lookup, perhaps using the crypteq{}{} condition. 28# lookup, perhaps using the crypteq{}{} condition.
35 29
36PLAIN: 30.ifdef USERLIST
31virtual_plain:
37 driver = plaintext 32 driver = plaintext
38 public_name = PLAIN 33 public_name = PLAIN
39 server_prompts = : 34 server_prompts = :
40 server_set_id = $auth2 35 server_set_id = $auth2
41 server_condition = AUTH_CHECK 36 server_condition = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{USERLIST}}} {yes}{no}}
42 server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}} 37 server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}}
38.endif
39
40.ifdef ENABLE_PAM_AUTH
41pam_plain:
42 driver = plaintext
43 public_name = PLAIN
44 server_prompts = :
45 server_set_id = $auth2
46 server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}}
47 server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}}
48.endif
49
50.ifdef DOVECOT_AUTH_SOCKET
51dovecot_plain:
52 driver = dovecot
53 public_name = PLAIN
54 server_set_id = $auth1
55 server_socket = DOVECOT_AUTH_SOCKET
56 server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}}
57.endif
58
43 59
44# LOGIN authentication has traditional prompts and responses. There is no 60# LOGIN authentication has traditional prompts and responses. There is no
45# authorization ID in this mechanism, so unlike PLAIN the username and 61# authorization ID in this mechanism, so unlike PLAIN the username and
diff --git a/exim.conf b/exim.conf
index b020999..9c0b1a4 100644
--- a/exim.conf
+++ b/exim.conf
@@ -42,6 +42,9 @@ CERTDIR = /etc/mail/ssl
42DKIMDIR = /etc/mail/dkim 42DKIMDIR = /etc/mail/dkim
43 43
44USERLIST = /etc/mail/list.d/users.list 44USERLIST = /etc/mail/list.d/users.list
45#ENABLE_PAM_AUTH = yes
46#DOVECOT_AUTH_SOCKET = /var/run/dovecot/auth-client
47
45ALIASMAP = /etc/mail/list.d/aliases.map 48ALIASMAP = /etc/mail/list.d/aliases.map
46 49
47#SPAMD_ADDRESS = 127.0.0.1 11333 variant=rspamd 50#SPAMD_ADDRESS = 127.0.0.1 11333 variant=rspamd