04.19.05
Setting up SMTP AUTH TLS with exim4
I just finished setting up my smtp auth support in exim4. Originally, I was going to perform authentication over the courier authdaemon as described here, but I didn't quite understand the socket situation, so I opted for a more simplistic route (since authdaemon uses a mysql backend). I also found a simple static password setup here. It did detail some good info about configuring exim3 correctly. Exim4 has a few different options.
To translate these options to exim4, I followed this email.
So I have the following in my exim4.conf:
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
tls_certificate = CONFDIR/exim.crt
tls_privatekey = CONFDIR/exim.key
tls_advertise_hosts = *
To get the mysql query right in my authenticator, I followed the manual. While I dislike going to the exim4 manual, it's actually very verbose and informative. I have to start going there instead of google searching all day. I found some examples of authenticators here, here, and here. They were basically good, except that I realized they didn't do any query sanitization. So I changed references to $n to ${quote_mysql:$2}. It's also important not to have any extraneous white space after a query string – it can cause the condition to fail.
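For reference, a PLAIN authenticator of the kind described above, with the unquoted lookup shown beside the quoted one. This is an added example, not the config from the original post: the table `users`, its columns `login` and `pw_hash`, and the authenticator name `plain_mysql` are hypothetical, and it assumes the column holds a crypt(3) hash so that `crypteq` can compare it.

```conf
# Added example. Hypothetical schema: table "users", columns "login", "pw_hash".
#
# Unquoted form found in many sample configs: $2 goes into the SQL text
# exactly as the client sent it.
#   server_condition = ${if crypteq{$3}{${lookup mysql{SELECT pw_hash FROM users \
#       WHERE login='$2'}{$value}fail}}{yes}{no}}

plain_mysql:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # For PLAIN the decoded fields are: $1 = authorization id, $2 = login, $3 = password.
  # quote_mysql escapes the login before it becomes part of the query.
  # "fail" forces an expansion failure when no row matches, which exim treats
  # as a failed authentication.
  # Keep the closing brace directly after the query text, with no stray spaces.
  server_condition = ${if crypteq{$3}{${lookup mysql{SELECT pw_hash FROM users \
      WHERE login='${quote_mysql:$2}'}{$value}fail}}{yes}{no}}
  server_set_id = $2
```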
A reminder, if you are using mysql, you have to add the server in exim4:
hide mysql_servers = localhost/db/user/password
I had a lot of stumbling on the way, and found the best way to debug my configuration was to send mail:
$ echo -ne '\0me\0pass' | base64-encode
AG1lAHBhc3M=
$ telnet localhost 25
> EHLO foo
> auth plain AG1lAHBhc3M=
To increase debugging, I ran exim4 in debug mode:
$ exim4 -C config -d+all -bs   # where config is my new config file