-rw-r--r-- | conf.d/070_authenticators.conf | 32 | ||||
-rw-r--r-- | exim.conf | 3 |
2 files changed, 27 insertions, 8 deletions
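--- a/conf.d/070_authenticators.conf
+++ b/conf.d/070_authenticators.conf
@@ -19,12 +19,6 @@
 
 begin authenticators
 
-.ifdef USERLIST
-AUTH_CHECK = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{USERLIST}}} {yes}{no}}
-.else
-AUTH_CHECK = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}}
-.endif
-
 # PLAIN authentication has no server prompts. The client sends its
 # credentials in one lump, containing an authorization ID (which we do not
 # use), an authentication ID, and a password. The latter two appear as
@@ -33,13 +27,35 @@ AUTH_CHECK = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}}
 # use $auth2 as a lookup key, and compare $auth3 against the result of the
 # lookup, perhaps using the crypteq{}{} condition.
 
-PLAIN:
+.ifdef USERLIST
+virtual_plain:
 driver = plaintext
 public_name = PLAIN
 server_prompts = :
 server_set_id = $auth2
-server_condition = AUTH_CHECK
+server_condition = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{USERLIST}}} {yes}{no}}
 server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}}
+.endif
+
+.ifdef ENABLE_PAM_AUTH
+pam_plain:
+driver = plaintext
+public_name = PLAIN
+server_prompts = :
+server_set_id = $auth2
+server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}}
+server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}}
+.endif
+
+.ifdef DOVECOT_AUTH_SOCKET
+dovecot_plain:
+driver = dovecot
+public_name = PLAIN
+server_set_id = $auth1
+server_socket = DOVECOT_AUTH_SOCKET
+server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}}
+.endif
+
 
 # LOGIN authentication has traditional prompts and responses. There is no
 # authorization ID in this mechanism, so unlike PLAIN the username and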
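Review bot: The new blocks `virtual_plain`, `pam_plain` and `dovecot_plain` all declare `public_name = PLAIN` with the same `server_advertise_condition`, so defining more than one of `USERLIST`, `ENABLE_PAM_AUTH` and `DOVECOT_AUTH_SOCKET` produces several server authenticators for one mechanism. As far as I know, Exim then either rejects the configuration at startup or consults only one of them, depending on version, so a login never falls through from one credential store to the next. Chaining the guards with `.elifdef ENABLE_PAM_AUTH` and `.elifdef DOVECOT_AUTH_SOCKET` under the first `.ifdef USERLIST` would keep exactly one PLAIN server defined. Separately, the advertise condition tests only the port, so if TLS on 587 is not enforced elsewhere in the configuration (not visible here), PLAIN credentials can be offered and sent in clear. `${if and{{={587}{$interface_port}}{def:tls_in_cipher}} {yes}{no}}` would tie the offer to an encrypted session.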
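--- a/exim.conf
+++ b/exim.conf
@@ -42,6 +42,9 @@ CERTDIR = /etc/mail/ssl
 DKIMDIR = /etc/mail/dkim
 
 USERLIST = /etc/mail/list.d/users.list
+#ENABLE_PAM_AUTH = yes
+#DOVECOT_AUTH_SOCKET = /var/run/dovecot/auth-client
+
 ALIASMAP = /etc/mail/list.d/aliases.map
 
 #SPAMD_ADDRESS = 127.0.0.1 11333 variant=rspamd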
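Review bot: The commented `DOVECOT_AUTH_SOCKET` default names a Dovecot auth socket, but nothing tells the administrator what access that socket needs. Any local process able to connect to it can submit authentication attempts, so it should be reachable by the Exim user and not world-accessible. The Dovecot side is not visible here, so this is worth stating in a comment above the macro, e.g. `# socket must be connectable by the Exim user only (set owner/mode in Dovecot's auth service)`.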