Hi again guys,
thanks for the help thus far. I have managed to get cyrus talking with
exim to deliver mail (the -a inside the quotes did this) and I have the
cyrus_sasl driver authenticating using DIGEST-MD5:
digest_md5_sasl_server:
driver = cyrus_sasl
public_name = DIGEST-MD5
server_realm = chemainus.mjbrownloos.com
server_set_id = $auth1
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
I can receive mail OK, exim passes it to cyrus and I can work with
mailboxes in Thunderbird however I don't seem to be able to authenticate
to the SMTP server when sending. Do I need to specify a separate auth
for sending through SMTP?
If I turn on *AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes* I can send if I
enable *login_sasl_server* but I'm sending plaintext passwords. :-(
If I turn off *AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes* then I cannot
send using *login_sasl_server* because it obviously needs an encrypted
password but I keep getting the message relay not permitted.
If I disable login_sasl_server leaving only the *digest_md5_sasl_server*
I still get relay not permitted so it seems it's not authenticating on send.
If it can authenticate for IMAP using *digest_md5_sasl_server* why would
it fail when sending?
regards
*Paul O'Rorke*
Tracker Software Products p...@tracker-software.com
<mailto:paul.oro...@tracker-software.com>
On 2/17/2014 12:42 AM, Vladislav Kurz wrote:
On Saturday 15 of February 2014 00:05:59 Paul O'Rorke wrote:
> If I don't use any encrypted passwords I can log in, work with
> mailboxes, receive mail but not send (relay not permitted which I
> suspect is so as to not be an open relay..?)
You can always set relay_nets (using "dpkg-reconfigure exim4-config")
to your local subnet.
> What do I need to do to authenticate with the cyrus_sasl db? Why would
> the authenticator driver "cyrus_sasl" not be available? Do I need to
> enable that somewhere?
I'm not sure but check if you have installed these packages:
sasl2-bin, libsasl2-modules and exim4-daemon-heavy (instead of -light).
> I've read so many conflicting pages I've completely confused myself.
> Maybe I should be looking at TLS/SSL now...
If you are on secure net, try setting
AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes (in conf.d/main/00_whatever),
to allow plaintext auth.
--
S pozdravem
Vladislav Kurz
=== WebStep, s.r.o. (Ltd.) ========= a step to the Web ===
address: Mezirka 1, 602 00 Brno, CZ, tel: +420 548 214 711
=== www.webstep.net ======= vladislav.k...@webstep.net ===
----
Cyrus Home Page:http://www.cyrusimap.org/
List Archives/Info:http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
