path: root/conf.d/070_authenticators.conf
######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

# The following authenticators support plaintext username/password
# authentication using the standard PLAIN mechanism and the traditional
# but non-standard LOGIN mechanism, with Exim acting as the server.
# PLAIN and LOGIN are enough to support most MUA software.
#
# Each backend below (USERLIST flat file, PAM, Dovecot auth socket) is
# compiled in only when its macro is defined; enable just the backend your
# site actually uses, since every backend defines its own PLAIN and LOGIN
# authenticator. Every authenticator must offer AUTH only on the submission
# port (587) and only once the connection is encrypted with TLS: check that
# its server_advertise_condition really tests for TLS (e.g. def:tls_in_cipher)
# and not the port alone, because a port number by itself does not guarantee
# that the credentials travel encrypted. TLS itself is enabled in the global
# options, which in this split configuration live in another conf.d fragment
# rather than at the start of this file.
#
# The default RCPT ACL checks for successful authentication, and will accept
# messages from authenticated users from anywhere on the Internet.

begin authenticators

# PLAIN authentication has no server prompts. The client sends its
# credentials in one lump, containing an authorization ID (which we do not
# use), an authentication ID, and a password. The latter two appear as
# $auth2 and $auth3 in the configuration and should be checked against a
# valid username and password. In a real configuration you would typically
# use $auth2 as a lookup key, and compare $auth3 against the result of the
# lookup, perhaps using the crypteq{}{} condition.

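.ifdef USERLIST
# PLAIN against a flat file. USERLIST is an lsearch file of "user: <hash>"
# lines; $auth2 (authentication id) is the lookup key and $auth3 (password)
# is checked against the stored hash with crypteq.
virtual_plain:
  driver                     = plaintext
  public_name                = PLAIN
  # One empty prompt: PLAIN is one-shot, so this is only sent to a client
  # that did not include the credentials with the AUTH command itself.
  server_prompts             = :
  # Record the user name as the authenticated id (logs, $authenticated_id).
  server_set_id              = $auth2
  # NOTE(review): an unknown user makes the lookup expand to the empty
  # string, leaving crypteq nothing valid to match; stored hashes should
  # carry a {crypt}/{sha1}/... prefix that crypteq understands (an
  # unprefixed value is compared with plain crypt()) — confirm against the
  # real USERLIST contents.
  server_condition           = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{USERLIST}}} {yes}{no}}
  # Advertise AUTH only on the submission port AND only once TLS is up:
  # the port alone does not guarantee the password travels encrypted.
  # $tls_in_cipher needs Exim 4.80+; older releases name it $tls_cipher.
  server_advertise_condition = ${if and{{={587}{$interface_port}}{def:tls_in_cipher}} {yes}{no}}
.endif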

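.ifdef ENABLE_PAM_AUTH
# PLAIN against PAM. The pam{} condition takes a colon-separated list of
# "user:password"; $auth2 is the authentication id, $auth3 the password.
pam_plain:
  driver                     = plaintext
  public_name                = PLAIN
  # One empty prompt, used only if the client omitted the credentials
  # from the AUTH command itself.
  server_prompts             = :
  # Record the user name as the authenticated id (logs, $authenticated_id).
  server_set_id              = $auth2
  # Colons in the password are doubled (sg ":" -> "::") so they survive
  # the colon-separated list that pam{} expects.
  # NOTE(review): Exim's pam{} uses the PAM service name "exim"; make sure
  # the matching PAM stack exists on the host — confirm.
  server_condition           = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}}
  # Advertise AUTH only on the submission port AND only once TLS is up:
  # the port alone does not guarantee the password travels encrypted.
  # $tls_in_cipher needs Exim 4.80+; older releases name it $tls_cipher.
  server_advertise_condition = ${if and{{={587}{$interface_port}}{def:tls_in_cipher}} {yes}{no}}
.endif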

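.ifdef DOVECOT_AUTH_SOCKET
# PLAIN delegated to Dovecot over its auth socket; Dovecot performs the
# password check, so no server_condition is needed here.
dovecot_plain:
  driver                     = dovecot
  public_name                = PLAIN
  # The dovecot driver returns the user name in $auth1; record it as the
  # authenticated id.
  server_set_id              = $auth1
  # NOTE(review): the socket must be readable/writable by the Exim user and
  # be a Dovecot *client* auth socket — confirm on the host.
  server_socket              = DOVECOT_AUTH_SOCKET
  # Advertise AUTH only on the submission port AND only once TLS is up:
  # the port alone does not guarantee the password travels encrypted.
  # $tls_in_cipher needs Exim 4.80+; older releases name it $tls_cipher.
  server_advertise_condition = ${if and{{={587}{$interface_port}}{def:tls_in_cipher}} {yes}{no}}
.endif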


# LOGIN authentication has traditional prompts and responses. There is no
# authorization ID in this mechanism, so unlike PLAIN the username and
# password are $auth1 and $auth2. Apart from that you can use the same
# server_condition setting for both authenticators.

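.ifdef USERLIST
# LOGIN against a flat file. Same USERLIST lookup as PLAIN, but LOGIN has
# no authorization id, so the user name is $auth1 and the password $auth2.
virtual_login:
  driver                     = plaintext
  public_name                = LOGIN
  # Two prompts; the colons inside them are doubled because a single colon
  # is the list separator for server_prompts.
  server_prompts             = Username:: : Password::
  # Record the user name as the authenticated id (logs, $authenticated_id).
  server_set_id              = $auth1
  # NOTE(review): an unknown user makes the lookup expand to the empty
  # string, leaving crypteq nothing valid to match; stored hashes should
  # carry a {crypt}/{sha1}/... prefix that crypteq understands (an
  # unprefixed value is compared with plain crypt()) — confirm against the
  # real USERLIST contents.
  server_condition           = ${if crypteq{$auth2}{${lookup{$auth1}lsearch{USERLIST}}} {yes}{no}}
  # Advertise AUTH only on the submission port AND only once TLS is up:
  # the port alone does not guarantee the password travels encrypted.
  # $tls_in_cipher needs Exim 4.80+; older releases name it $tls_cipher.
  server_advertise_condition = ${if and{{={587}{$interface_port}}{def:tls_in_cipher}} {yes}{no}}
.endif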

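.ifdef ENABLE_PAM_AUTH
# LOGIN against PAM. No authorization id in LOGIN, so the user name is
# $auth1 and the password $auth2.
pam_login:
  driver                     = plaintext
  public_name                = LOGIN
  # Two prompts; the colons inside them are doubled because a single colon
  # is the list separator for server_prompts.
  server_prompts             = Username:: : Password::
  # Record the user name as the authenticated id (logs, $authenticated_id).
  server_set_id              = $auth1
  # Colons in the password are doubled (sg ":" -> "::") so they survive
  # the colon-separated list that pam{} expects.
  # NOTE(review): Exim's pam{} uses the PAM service name "exim"; make sure
  # the matching PAM stack exists on the host — confirm.
  server_condition           = ${if pam{$auth1:${sg{$auth2}{:}{::}}} {yes}{no}}
  # Advertise AUTH only on the submission port AND only once TLS is up:
  # the port alone does not guarantee the password travels encrypted.
  # $tls_in_cipher needs Exim 4.80+; older releases name it $tls_cipher.
  server_advertise_condition = ${if and{{={587}{$interface_port}}{def:tls_in_cipher}} {yes}{no}}
.endif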

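.ifdef DOVECOT_AUTH_SOCKET
# LOGIN delegated to Dovecot over its auth socket; Dovecot performs the
# password check and drives the prompts, so neither server_condition nor
# server_prompts is needed here.
dovecot_login:
  driver                     = dovecot
  public_name                = LOGIN
  # The dovecot driver returns the user name in $auth1; record it as the
  # authenticated id.
  server_set_id              = $auth1
  # NOTE(review): the socket must be readable/writable by the Exim user and
  # be a Dovecot *client* auth socket — confirm on the host.
  server_socket              = DOVECOT_AUTH_SOCKET
  # Advertise AUTH only on the submission port AND only once TLS is up:
  # the port alone does not guarantee the password travels encrypted.
  # $tls_in_cipher needs Exim 4.80+; older releases name it $tls_cipher.
  server_advertise_condition = ${if and{{={587}{$interface_port}}{def:tls_in_cipher}} {yes}{no}}
.endif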