1

I work on a newsletter system for my project and I wanna use exim4 (lightweight version) for sending newaletters (just for newsletters because the mail is hosted separated...on google apps). But there is a way to auth and setup domains and accounts (mail@ex1.com, mail@ex2.com, etc.) ? Any idea is welcomed! Thanks :)

Robert
  • 11
  • 1
  • The answer is "yes" but without more information it'd be hard to say how you ought to do it. Is this list going to change regularly? Should mail@example.com and mail@example.net be the same account or should each domain be separate? Are you going to have more than one account in a domain? If someone replies to the email, is that going to be handled by this server? (if so, where does it go?) – DerfK May 19 '12 at 14:53
  • yes...i want to be able to add as many domains and account as posible. if someone replies the email will be replied to a predefined email from google apps, that's why i want to use exim just for sending. – Robert May 19 '12 at 16:09

1 Answers1

0

Debian provides a couple of examples in their default configuration snippets. If you're using Debian and its split configuration system, these should be in /etc/exim4/auth/30_exim4-config_examples (if you aren't, it would be after begin authenticators in the configuration file), and then you'd uncomment the section you are using (for instance, this one is for crypted passwords):

login_server:
   driver = plaintext
   public_name = LOGIN
   server_prompts = "Username:: : Password::"
   server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{/some/place/passwdfile}{$value}{*:*}}}}}{1}{0}}"
   server_set_id = $auth1
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}

Note the server_advertise_condition. Since the password is sent in clear text over the network, this login type should only be allowed when TLS is being used. CRAM-MD5 does not send the password in plaintext over the network so it does not require TLS, but it does require the server to hold a plaintext copy of the password so it can generate per-session hashes from it. Per Debian's documentation, /some/place/passwdfile contains accounts of the form

foo@example.com:$crypt$compatible$hash:plaintextpassword
bar@example.com:$crypt$compatible$hash:plaintextpassword
foo@example.net:$crypt$compatible$hash:plaintextpassword

etc. The crypt password hashes can be made using (for example) makepasswd --crypt-md5 or mkpasswd -H md5. The plaintextpassword is only necessary if you're using CRAM-MD5, since it requires the server to create custom hashes of the password for each login. Adding and removing accounts is simply a matter of adding or deleting lines from the file. Users must log in with the whole email address as their username.

DerfK
  • 19,313
  • 2
  • 35
  • 51
  • server_advertise_condition is a boolean option, not a host pattern; the {}{\*} is working only because "" is treated as false and "\*" is a string with some length not explicitly detected as false, so is true. Simpler to just write: `${if def:tls_cipher}` – Phil P May 25 '12 at 14:09