Re: Exim authentication
* Mike Mimic ([EMAIL PROTECTED]) [020621 02:18]: > I have used: > > plain: > driver = plaintext > public_name = PLAIN > server_condition = "${if pam{$2:$3}{1}{0}}" > server_set_id = $2 my plain authenticator looks identical to the above, but my login is different from the one below. > login: > driver = plaintext > public_name = LOGIN > server_prompts = "Username:: : Password::" > server_condition = "${if pam{$2:$3}{1}{0}}" > server_set_id = $2 Mine looks like this: login: driver = plaintext public_name = LOGIN server_prompts = "Username:::Password::" server_condition = ${if pam {$1:${sg{$2}{:}{::}}}{yes}{no}} server_set_id = $1 The sg bit is to double any colons in the password string (s/:/::/g). That's just a quoting thing. The main difference I see is that you're calling to pam with $2 and $3, where I'm using $1 and $2 (and server_set_id = $1). > as is written in Exim specifications. And I use > MIME encoded '\0user\0password' (\0 are NULL). > > Is this correct? Will mail clients use such line > too? Unfortunately, we can't count on client mailers to go by "the standard" in this case, especially when the client uses MS mailers. Your best bet for testing is to test with the mailers your clients will be using. I believe you're on the right track for testing, though; you just need to base64 encode "\0user\0password". Trying it with exim -d9 will let you know if exim is interpreting the username and password as you expect it should be. > > 2) Is linux a system that requires root access to > use > > PAM? > > As Vineet Kumar said it is. Well, actually I said just the opposite: it can be done on linux without running as root, but I think you understood that to be what I meant, just said it wrong. > So what is wrong? As I see exim uses correct strings > for username and password and use PAM which returns > that password isn't correct. Still not sure exactly what's going wrong. Here's my pam.d/exim: # PAM configurtion file for exim smtp auth auth required /lib/security/pam_pwdfile.so pwdfile /etc/imap.passwd accountrequired /lib/security/pam_permit.so That authenticates against a username:crypted_password file instead of the regular unix authentication. This enables my imap users to relay through the machine (and they don't have shell accounts). I don't think you should need a session group in your pam file for smtp auth, and I just use pam_permit for account since I manage the password file manually. (Otherwise you could use pam_unix for auth and something else for account to control whether the user should be allowed to use exim for smtp auth). I hope that helps. If not, I can post more details about why it's set up the way it is -- just ask. good times, Vineet -- http://www.doorstop.net/ -- "[T]he ad skips It's theft Any time you skip a commercial... you're actually stealing the programming." - Turner CEO Jamie Kellner Is fair use dead? Help the EFF help you! http://www.eff.org/ pgpgF9S6vkQjR.pgp Description: PGP signature
Re: Exim authentication
On Thu, 2002-06-20 at 04:08, Derrick 'dman' Hudson wrote: > On Wed, Jun 19, 2002 at 11:16:04PM -0700, Paul Johnson wrote: > | On Wed, Jun 19, 2002 at 03:20:48PM -0500, Mark Roach wrote: > | > | > I believe that putting the following in the authentication configuration > | > section will allow you to use PAM. You will just need to add a file > | > named /etc/pam.d/exim with the appropriate PAM config options > | > | For those of us not familiar with PAM, could we get an example of that, > | as well? > > It will look much like the other files in /etc/pam.d, but with any > different options you may prefer. For example : > > authrequiredpam_unix.so > account requiredpam_unix.so > passwordrequiredpam_unix.so > > If you use a different authentication source (eg ldap instead of > /etc/passwd) you would include those options. > > (Actually, I'm not terribly familiar with PAM, but I've managed to > convert a couple machines at work to use LDAP instead :-). It's > pretty cool.) I am also using LDAP, and I am pretty sure that is why this works for us but not Mike. Authentication against the shadow files can only ever be done by root, but with LDAP, anyone can attempt to bind. I am sure that someone out there has made an authentication process which runs as root which can be authenticated against by a normal user. If nothing else, writing a script which uses login or su to verify the password, and using that instead of PAM in exim.conf, might be easier to maintain (and more secure) than maintaining two copies of the shadow files... just a thought -Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
Hi! > I see two problems. > 1) If you used the authenticator Mark supplied, > then the data the client sent is wrong. The client > sent 3 strings -- the empty string, then the > username, then the password. The authenticator Mark > supplied expects the username first and the > password second. I have used: plain: driver = plaintext public_name = PLAIN server_condition = "${if pam{$2:$3}{1}{0}}" server_set_id = $2 login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = "${if pam{$2:$3}{1}{0}}" server_set_id = $2 as is written in Exim specifications. And I use MIME encoded '\0user\0password' (\0 are NULL). Is this correct? Will mail clients use such line too? > 2) Is linux a system that requires root access to use > PAM? As Vineet Kumar said it is. So what is wrong? As I see exim uses correct strings for username and password and use PAM which returns that password isn't correct. I use this pam.d/exim file: #%PAM-1.0 auth required pam_unix.so accountrequired pam_unix.so sessionrequired pam_unix.so Mike __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
* Derrick 'dman' Hudson ([EMAIL PROTECTED]) [020620 20:43]: > On Thu, Jun 20, 2002 at 07:57:17PM -0700, ben wrote: > | On Thursday 20 June 2002 06:56 pm, Derrick 'dman' Hudson wrote: > | > Is linux a system that requires root access to use PAM? If so, then > | > pam can't be used directly by exim. You can, however, use a different > | > lookup for users (eg look in a passwd file made just for exim, or use > | > LDAP or SQL or something else). > | > > | > I hope PAM can be used on linux ... someone please tell me if root is > | > required. > The question is : > Can exim, running as user mail (uid=8?), perform user > authentication via PAM or must other methods be used? > This is to provide SMTP AUTH service. I know it won't affect other > aspects of exim. The answer is yes, exim can use pam with uid==8. I'm using SMTP auth with the debian-packaged exim, running under the default uid and gid, making use of pam authentication (with a separate user list via pam_listfile instead of with regular user accounts, but that's below the abstraction line as far as exim is concerned.) good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ pgpbQMIAT2HxK.pgp Description: PGP signature
Re: Exim authentication
On Thu, Jun 20, 2002 at 08:48:35PM -0700, Paul Johnson wrote: | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | On Thu, Jun 20, 2002 at 10:51:16PM -0500, Derrick 'dman' Hudson wrote: | > | If you can't use PAM to do this, then is there a way to copy out PAM | > | data to an exim-compatible file? | > | > Yeah, make a file (eg /etc/exim/passwd) such as | > | > | > user:{md5}4528e6a7bb9341c36c425faf40ef32c3 | | Is there a way to automate this? Like a script I can throw into a | nigtly cron job or something? Of course :-). Here's an example that presumes that md5 hashes are longer than 10 characters and other passwords are crypt()ed. It omits users where the password field contains a single character (system users) and the 'root' and 'sashroot' accounts. # awk -F: ' /^(sash)?root:/ { next } /^[^:]*:.[^:]/ { if ( length($2) > 10 ) { print $1 ":{md5}" $2 } else { print $1 ":" $2 } } ' /etc/shadow | > | | > | > I needed dict to figure this one out. Definition #1 fits well, and is | > amusing! | | I woulda tried The Jargon File directly first, but then again | http://ursine.dyndns.org/jargon/ is an official mirror... Well, when using 'view' as mutt's pager, typing :!dict AOL is easier and faster than looking up the Jargon File. Besides, dict looks in the Jargon File -- that's where definintion #1 came from :-). -D -- He who spares the rod hates his son, but he who loves him is careful to discipline him. Proverbs 13:24 http://dman.ddts.net/~dman/ pgpOGMsrTjztu.pgp Description: PGP signature
Re: Exim authentication
On Thursday 20 June 2002 08:53 pm, Derrick 'dman' Hudson wrote: > On Thu, Jun 20, 2002 at 07:57:17PM -0700, ben wrote: [snip] > | root is required for configuration. users get to use it but not to > | manipulate it. i messed around with it a while back but couldn't see a > | use for it on my dialup desktop. it allows you, as root, to determine > | which users get to use what services, so, appropriately configured, it > | shouldn't interfere with user access to exim. > > The question is : > Can exim, running as user mail (uid=8?), perform user > authentication via PAM or must other methods be used? > This is to provide SMTP AUTH service. I know it won't affect other > aspects of exim. > though i don't have practical experience to back this up, given that, in this case, mail is a user and smtp is a service, then, at least ideally, exim should be able to perform as necessary. if mail, as user, is authorized access via pam, then, it shouldn't affect the smtp auth process. check out www.kernel.org/pub/linux/libs/pam/ ben -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Jun 20, 2002 at 10:51:16PM -0500, Derrick 'dman' Hudson wrote: > | If you can't use PAM to do this, then is there a way to copy out PAM > | data to an exim-compatible file? > > Yeah, make a file (eg /etc/exim/passwd) such as > > > user:{md5}4528e6a7bb9341c36c425faf40ef32c3 Is there a way to automate this? Like a script I can throw into a nigtly cron job or something? > | > > I needed dict to figure this one out. Definition #1 fits well, and is > amusing! I woulda tried The Jargon File directly first, but then again http://ursine.dyndns.org/jargon/ is an official mirror... - -- Baloo -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9EqITNtWkM9Ny9xURAvZvAJ4605fLaBKoA06SrPb2XlN6xIiBOwCgmDlY jM2+SXQf2jITKBAxBnwAgnc= =AA8E -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
On Thu, Jun 20, 2002 at 07:57:17PM -0700, ben wrote: | On Thursday 20 June 2002 06:56 pm, Derrick 'dman' Hudson wrote: | [snip] | > | > Is linux a system that requires root access to use PAM? If so, then | > pam can't be used directly by exim. You can, however, use a different | > lookup for users (eg look in a passwd file made just for exim, or use | > LDAP or SQL or something else). | > | > I hope PAM can be used on linux ... someone please tell me if root is | > required. | | root is required for configuration. users get to use it but not to manipulate | it. i messed around with it a while back but couldn't see a use for it on my | dialup desktop. it allows you, as root, to determine which users get to use | what services, so, appropriately configured, it shouldn't interfere with user | access to exim. The question is : Can exim, running as user mail (uid=8?), perform user authentication via PAM or must other methods be used? This is to provide SMTP AUTH service. I know it won't affect other aspects of exim. -D -- A man of many companions may come to ruin, but there is a friend that sticks closer than a brother. Proverbs 18:24 http://dman.ddts.net/~dman/ pgpI7W7LZBxYS.pgp Description: PGP signature
Re: Exim authentication
On Thu, Jun 20, 2002 at 07:23:17PM -0700, Paul Johnson wrote: | On Thu, Jun 20, 2002 at 08:56:22PM -0500, Derrick 'dman' Hudson wrote: | | > Is linux a system that requires root access to use PAM? If so, then | > pam can't be used directly by exim. You can, however, use a different | > lookup for users (eg look in a passwd file made just for exim, or use | > LDAP or SQL or something else). | | If you can't use PAM to do this, then is there a way to copy out PAM | data to an exim-compatible file? Yeah, make a file (eg /etc/exim/passwd) such as user:{md5}4528e6a7bb9341c36c425faf40ef32c3 (in this case, "user"'s password is "pass") and use a variation on the sample authenticator created by eximconfig : plain: driver = plaintext public_name = PLAIN server_condition = "${if crypteq{$2}{ ${lookup{$1}lsearch{/etc/exim/passwd}{$value}{*}} } {1}{0} }" server_set_id = $1 (this one is untested, but I did test a simple 'eq' and it worked) Of course, one could always put login info in LDAP and use that directly :-). I was hoping exim could get to LDAP via PAM instead. (at work we're moving the authentication away from NIS and into LDAP) | > I hope PAM can be used on linux ... someone please tell me if root is | > required. | | I needed dict to figure this one out. Definition #1 fits well, and is amusing! -D -- Windows, hmmm, does it come with a GUI interface that works or just pretty blue screens? http://dman.ddts.net/~dman/ pgpDTByfVvRhY.pgp Description: PGP signature
Re: Exim authentication
On Thursday 20 June 2002 06:56 pm, Derrick 'dman' Hudson wrote: [snip] > > Is linux a system that requires root access to use PAM? If so, then > pam can't be used directly by exim. You can, however, use a different > lookup for users (eg look in a passwd file made just for exim, or use > LDAP or SQL or something else). > > I hope PAM can be used on linux ... someone please tell me if root is > required. > > -D root is required for configuration. users get to use it but not to manipulate it. i messed around with it a while back but couldn't see a use for it on my dialup desktop. it allows you, as root, to determine which users get to use what services, so, appropriately configured, it shouldn't interfere with user access to exim. ben -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Jun 20, 2002 at 08:56:22PM -0500, Derrick 'dman' Hudson wrote: > Is linux a system that requires root access to use PAM? If so, then > pam can't be used directly by exim. You can, however, use a different > lookup for users (eg look in a passwd file made just for exim, or use > LDAP or SQL or something else). If you can't use PAM to do this, then is there a way to copy out PAM data to an exim-compatible file? > I hope PAM can be used on linux ... someone please tell me if root is > required. - -- Baloo -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9Eo4VNtWkM9Ny9xURAs+oAJ9ESE5eYvltTBiF1JJF1vrz01XSOACcCLgp cAQWJY9pwYZ6cLFLcP4dN+A= =EBdN -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
On Thu, Jun 20, 2002 at 09:43:41AM -0700, Mike Mimic wrote: | Hi! | | > Run exim from a shell with '-d9' and then try again. | | I have tryed and I get (nothing helpful): | | Running PAM authentication for user "[erased]" | PAM error: Authentication failure | plain authenticator: | $1 = | $2 = [erased] | $3 = [erased] I see two problems. 1) If you used the authenticator Mark supplied, then the data the client sent is wrong. The client sent 3 strings -- the empty string, then the username, then the password. The authenticator Mark supplied expects the username first and the password second. 2) I'm not sure if this is a problem on linux, but this is from exim's spec : In some operating systems, PAM authentication can be done only from a process running as root. Since Exim is running as the Exim user when receiving messages, this means that PAM cannot be used directly in those systems. Is linux a system that requires root access to use PAM? If so, then pam can't be used directly by exim. You can, however, use a different lookup for users (eg look in a passwd file made just for exim, or use LDAP or SQL or something else). I hope PAM can be used on linux ... someone please tell me if root is required. -D -- In my Father's house are many rooms; if it were not so, I would have told you. I am going there to prepare a place for you. And if I go and prepare a place for you, I will come and take you to be with me that you also may be where I am. John 14:2-3 http://dman.ddts.net/~dman/ pgpN7Z8Zu1x9b.pgp Description: PGP signature
Re: Exim authentication
Hi! > Run exim from a shell with '-d9' and then try again. I have tryed and I get (nothing helpful): Running PAM authentication for user "[erased]" PAM error: Authentication failure plain authenticator: $1 = $2 = [erased] $3 = [erased] expanded string: 0 SMTP>> 535 Incorrect authentication data 535 Incorrect authentication data LOG: 0 MAIN REJECT What should work. The problem is that PAM fails (with correct username and password). Mike __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
Hi! > Run exim from a shell with '-d9' and then try again. I have tryed and I get (nothing helpful): Running PAM authentication for user "[erased]" PAM error: Authentication failure plain authenticator: $1 = $2 = [erased] $3 = [erased] expanded string: 0 SMTP>> 535 Incorrect authentication data 535 Incorrect authentication data LOG: 0 MAIN REJECT What should work. The problem is that PAM fails (with correct username and password). Mike __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
Hi! > Run exim from a shell with '-d9' and then try again. I have tryed and I get (nothing helpful): Running PAM authentication for user "[erased]" PAM error: Authentication failure plain authenticator: $1 = $2 = [erased] $3 = [erased] expanded string: 0 SMTP>> 535 Incorrect authentication data 535 Incorrect authentication data LOG: 0 MAIN REJECT What should work. The problem is that PAM fails (with correct username and password). Mike __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
On Wed, Jun 19, 2002 at 11:16:04PM -0700, Paul Johnson wrote: | On Wed, Jun 19, 2002 at 03:20:48PM -0500, Mark Roach wrote: | | > I believe that putting the following in the authentication configuration | > section will allow you to use PAM. You will just need to add a file | > named /etc/pam.d/exim with the appropriate PAM config options | | For those of us not familiar with PAM, could we get an example of that, | as well? It will look much like the other files in /etc/pam.d, but with any different options you may prefer. For example : authrequiredpam_unix.so account requiredpam_unix.so passwordrequiredpam_unix.so If you use a different authentication source (eg ldap instead of /etc/passwd) you would include those options. (Actually, I'm not terribly familiar with PAM, but I've managed to convert a couple machines at work to use LDAP instead :-). It's pretty cool.) -D -- The way of a fool seems right to him, but a wise man listens to advice. Proverbs 12:15 http://dman.ddts.net/~dman/ pgpVwCjTPJlRs.pgp Description: PGP signature
Re: Exim authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Jun 19, 2002 at 03:20:48PM -0500, Mark Roach wrote: > I believe that putting the following in the authentication configuration > section will allow you to use PAM. You will just need to add a file > named /etc/pam.d/exim with the appropriate PAM config options For those of us not familiar with PAM, could we get an example of that, as well? - -- Baloo "Cooking spray?" Ursidae -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9EXMkNtWkM9Ny9xURAtepAJ4qZwL6AaZ/9c63rzdIdzUwDTlNjwCeK9Rz BH+GVot7Ekfi080PLhYrJw0= =Hgyg -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Jun 19, 2002 at 01:18:46PM -0700, Mike Mimic wrote: > Yes, I would like to implement that. The problem is > that examples use plain text file, but I would like > to use system accounts (I have shadow passwords). Yeah, I'm in roughly the same position, myself and have yet to find a solution for it (but I'm also long off actively looking for it at this point, more at "Hey, Google accidently found this on a search for toaster ovens" type stage at this point. - -- Baloo -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9EXKlNtWkM9Ny9xURArHTAJ9LATZ7/i/oxWZJgGu3NP/pMPH+PwCgsEoP NN8UuJl4+knHvkC1G4iaW/Y= =/DWW -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
On Wed, Jun 19, 2002 at 02:44:34PM -0700, Mike Mimic wrote: | > I believe that putting the following in the authentication | > configuration section will allow you to use PAM. You will just | > need to add a file named /etc/pam.d/exim with the appropriate PAM | > config options | | I have made /etc/pam.d/exim with: | | #%PAM-1.0 | auth required pam_unix.so | accountrequired pam_unix.so | | But I (still) get 334 535 Incorrect authentication | data. | | Should I change anything more? Run exim from a shell with '-d9' and then try again. You'll get lots of debug info in your shell, and that should tell you what exim is trying to do and why it considers the authentication to have failed. HTH, -D -- Thy Word is a lamp unto my feet and a light unto my path. Psalms 119:105 http://dman.ddts.net/~dman/ pgp3q6ov9XOy4.pgp Description: PGP signature
Re: Exim authentication
Hi! > I believe that putting the following in the > authentication configuration > section will allow you to use PAM. You will just > need to add a file > named /etc/pam.d/exim with the appropriate PAM > config options I have made /etc/pam.d/exim with: #%PAM-1.0 auth required pam_unix.so accountrequired pam_unix.so But I (still) get 334 535 Incorrect authentication data. Should I change anything more? (I use Pegasus Mail and I add both PLAIN and LOGIN sections) Mike __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
On Wed, 2002-06-19 at 15:18, Mike Mimic wrote: > Hi! > > > | How can I set that user should login for SMTP the > > same > > | as for POP3? So he should use the same username > > and > > | password as for POP3 (that is the user linux > > account > > | username and password). > > > > Instead, exim supports SMTP AUTH. > > Yes, I would like to implement that. The problem is > that examples use plain text file, but I would like > to use system accounts (I have shadow passwords). > > So what's the code for server_condition for that? > I believe that putting the following in the authentication configuration section will allow you to use PAM. You will just need to add a file named /etc/pam.d/exim with the appropriate PAM config options login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = "${if pam{$1:$2}{1}{0}}" server_set_id = $1 -Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
Hi! > | How can I set that user should login for SMTP the > same > | as for POP3? So he should use the same username > and > | password as for POP3 (that is the user linux > account > | username and password). > > Instead, exim supports SMTP AUTH. Yes, I would like to implement that. The problem is that examples use plain text file, but I would like to use system accounts (I have shadow passwords). So what's the code for server_condition for that? Mike __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Exim authentication
On Tue, Jun 18, 2002 at 03:44:57PM -0700, Mike Mimic wrote: | How can I set that user should login for SMTP the same | as for POP3? So he should use the same username and | password as for POP3 (that is the user linux account | username and password). This is not easy to do directly, and is flaky at best. The whole POP-before-SMTP concept is based on 1) the user does SMTP before the timeout after POPing 2) the user keeping the same IP address until after the timeout 3) no other (malicious) user obtaining the "authenticated" IP during the window of opportunity. Due to the inherent flaws in pop-before-smtp, Philip isn't about to include direct support for it in exim. Instead, exim supports SMTP AUTH. That's what the authenticators are for -- providing direct AUTHentication via the ESMTP protocol (see RFC 2554). However, I have not dealt with that part of exim yet. The spec is very good (/usr/share/doc/exim/spec.txt) and you can get support from the exim-users mailing list. HTH, -D -- Dishonest money dwindles away, but he who gathers money little by little makes it grow. Proverbs 13:11 http://dman.ddts.net/~dman/ pgpEOWILgx6IT.pgp Description: PGP signature