blob: ff8c03dd5dec7ad694660a2911b99c2347455237
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# Using PAM directly from Exim on Gentoo is non-ideal from a security
# perspective, see:
# https://bugs.gentoo.org/964377
# The suggestion is to use Dovecot's SASL
# https://doc.dovecot.org/2.4.1/howto/sasl/exim.html#exim-and-dovecot-sasl
# or Cyrus SASL's saslauthd
# https://exim-users.exim.narkive.com/joAt25zW/authentication-using-saslauthd-cyrus-sasl
# You will want to set up at least 2 directives for AUTH support that are
# only announced on secure connections (e.g. after STARTTLS) so the
# client never attempts to send the plain password over an unencrypted
# connection.
# The "plain" directive works for nearly everything except Windows MUAs.
# The "login" directive will allow you to authenticate your Outlook 2000 and
# Outlook Express clients.
# Below is an example of how to use Cyrus SASL in Exim's authenticators.
#plain:
# driver = cyrus_sasl
# public_name = PLAIN
# server_set_id = $auth1
# server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
#
#login:
# driver = cyrus_sasl
# public_name = LOGIN
# server_set_id = $auth1
# server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
#
# To tell cyrus_sasl to connect to the saslauthd daemon, you need a file
# /etc/sasl2/exim.conf containing:
#pwcheck_method: saslauthd
#
# Also make sure you configure /etc/conf.d/saslauthd properly, e.g. use
# "-a shadow" for the simplest support, or, when using PAM, that the
# appropriate /etc/pam.d/saslauthd is set up.
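#
# Added example, not part of the original file or of Exim: a check that the
# server_advertise_condition above really keeps AUTH out of the pre-STARTTLS
# EHLO reply. The sample replies, host name and function names are constructed.

```python
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from a real server).
PRE_TLS_OK = "250-mail.example.test Hello\n250-SIZE 52428800\n250-STARTTLS\n250 HELP"
PRE_TLS_BAD = "250-mail.example.test Hello\n250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"
POST_TLS = "250-mail.example.test Hello\n250-SIZE 52428800\n250-AUTH PLAIN LOGIN\n250 HELP"


def keywords(ehlo_reply):
    """Map each EHLO keyword (upper-case) to its parameter list."""
    found = {}
    for line in ehlo_reply.splitlines()[1:]:      # first line is the greeting
        if not line.startswith("250") or len(line) < 5:
            continue
        # "250-AUTH PLAIN LOGIN" and the legacy "250-AUTH=PLAIN LOGIN" both occur
        word, _, params = line[4:].strip().replace("=", " ", 1).partition(" ")
        found.setdefault(word.upper(), []).extend(p.upper() for p in params.split())
    return found


def audit(pre_tls_reply, post_tls_reply):
    """Return a list of findings; an empty list means AUTH is TLS-only."""
    pre, post = keywords(pre_tls_reply), keywords(post_tls_reply)
    findings = []
    if "AUTH" in pre:
        findings.append("AUTH advertised before TLS: " + ", ".join(sorted(set(pre["AUTH"]))))
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    if not post.get("AUTH"):
        findings.append("no AUTH mechanisms advertised after STARTTLS")
    return findings


def fetch_replies(host, port=587):
    """Live variant (needs network): EHLO, STARTTLS, EHLO again."""
    def raw(msg):  # smtplib strips the "250-" prefixes; restore them
        return "\n".join("250-" + l for l in msg.decode(errors="replace").splitlines())
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        pre = raw(smtp.ehlo()[1])
        smtp.starttls(context=ssl.create_default_context())
        post = raw(smtp.ehlo()[1])
    return pre, post


if __name__ == "__main__":
    print(audit(PRE_TLS_OK, POST_TLS))
    print(audit(PRE_TLS_BAD, POST_TLS))
```

# Against your own server, pass the result of fetch_replies() to audit();
# port 587 is an assumption, use whichever port your Exim listens on.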