URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID1
Нить номер: 45256

Исходное сообщение
"Exim: настройка SMTP авторизации."

Отправлено Maxx , 18-Июн-04 14:13 
Здравствуйте.

Настроил SMTP-авторизацию на Exim (Exim 3.35 #1, ставился из пакетов, Debian) путём добавления в главную секцию конфига строк:
....
#
# Exim 3 main-section option: hosts in this list may relay through the server
# once they have authenticated. "*" applies that to every client, so relay
# access then depends entirely on the strength of the authenticators.
host_auth_accept_relay = *
#
....

в конце конфига создал AUTHENTICATION CONFIGURATION и добавил в него
#################################
# AUTH PLAIN: the client sends authzid, authcid and password in one string;
# the plaintext driver exposes them as $1, $2 and $3. $2 and $3 are handed
# to PAM, and $2 becomes the authenticated id on success.
# NOTE(review): pam{} takes a colon-separated list, so a password containing
# ":" is split into extra items. Later Exim documentation doubles the colons
# with ${sg{...}{:}{::}}; confirm whether this Exim 3 build supports that.
# NOTE(review): PLAIN and LOGIN only base64-encode the password. Nothing in
# this fragment limits AUTH to TLS-protected sessions.
plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_condition = "${if pam{$2:$3}{1}{0}}"
  server_set_id = $2

# AUTH LOGIN: two prompts, so the username arrives as $1 and the password
# as $2. The same PAM check and colon caveat as for PLAIN apply.
login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if pam{$1:$2}{1}{0}}"
  server_set_id = $1

end
#################################

Все прекрасно проработало примерно неделю, но сейчас в логах наблюдаю следующее:
2004-06-18 13:03:50 Authentication failed for xxx.domain.net [xxx.xxx.xxx.xxx]: 535 Incorrect authentication data

Не могу найти что и где поломалось, перезагрузка exim и всего сервера не помогли. :(( Кто-нибудь с подобным сталкивался?


Содержание

Сообщения в этом обсуждении
"Exim: настройка SMTP авторизации."
Отправлено taxafon , 26-Июн-04 03:42 
Кто-нибудь может объяснить поконкретнее, как настроить в Exim SMTP-авторизацию?
Прочитав,
http://www.exim.org/exim-html-3.10/doc/html/spec_33.html#SEC 705 так ничего и не понял.

что куда в конфиге писать?


"Exim: настройка SMTP авторизации."
Отправлено sashas , 28-Июн-04 15:51 
>Кто ниубудь может обьяснить по конкретней как заставить Exim на smtp авторизацию?
>
>Прочитав,
>http://www.exim.org/exim-html-3.10/doc/html/spec_33.html#SEC 705 так ничего и не понял.
>
>что куда в конфиге писать?

У меня Екзим с СМТП-авторизацией.
Читай конфиг:
######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################

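# Connection data for every mysql lookup in this file. "hide" keeps the value
# out of "exim -bP" output for non-admin callers, but the password is still
# stored in clear here, so the file must not be readable by ordinary users.
hide mysql_servers = localhost/mybase/usermail/password

primary_hostname = myhost.ru

# Named domain lists resolved from the "domains" table. $domain comes from
# the SMTP envelope and is therefore supplied by the remote side; it is
# passed through quote_mysql before it is placed inside the SQL string, as
# the other lookups in this file already do.
domainlist local_domains = ${lookup mysql{SELECT domainname FROM domains \
                                WHERE domainname='${quote_mysql:$domain}' AND type='LOCAL'}}

domainlist virtual_domains = ${lookup mysql{SELECT domainname FROM domains \
                                WHERE domainname='${quote_mysql:$domain}' AND type='VIRTUAL'}}

domainlist relay_to_domains = ${lookup mysql{SELECT domainname FROM domains \
                                WHERE domainname='${quote_mysql:$domain}' AND type='RELAY'}}
hostlist   relay_from_hosts = 127.0.0.1

# NOTE(review): relay_from_local is commented out here, yet the RCPT ACL
# further down refers to +relay_from_local. Define it before using the file.
#hostlist   relay_from_local =

# NOTE(review): no ACL statement in this file refers to relay_from_list, and
# it is unclear whether $host holds the connecting client's name at ACL time.
# Confirm against the Exim specification before relying on this list.
hostlist   relay_from_list  = ${lookup mysql{SELECT hostname FROM hosts \
                WHERE hostname='${quote_mysql:$host}'}}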
                                
# Run the acl_check_rcpt ACL for every RCPT command. The DATA-time ACL on the
# next line is commented out, so no ACL inspects message content.
acl_smtp_rcpt = acl_check_rcpt
##acl_smtp_data = acl_check_data

# Both virus-scanner interfaces are disabled.
#av_scanner = clamd:/var/run/clamav/clamd
#av_scanner = kavdaemon:/var/run/AvpCtl

# Extra log detail: envelope sender and recipients, SMTP confirmations, and
# syntax/protocol errors. These are the records needed when tracing
# authentication failures or relay abuse.
log_selector =  \
    +all_parents \
    +lost_incoming_connection \
    +received_sender \
    +received_recipients \
    +smtp_confirmation \
    +smtp_syntax_error \
    +smtp_protocol_error

# Do not accept addresses of the form user@[ip-address].
allow_domain_literals = false
# Deliveries are never run under these accounts.
never_users = root:bin:daemon
# Reverse-resolve every connecting host and send each one an ident (RFC 1413)
# query, waiting at most one second for the answer.
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 1s
# Queue housekeeping for bounces and frozen messages.
ignore_bounce_errors_after = 30m
timeout_frozen_after = 4d
freeze_tell = postmaster
auto_thaw = 1h
# Resource ceilings: message size, recipients per message, concurrent
# connections (total and per host), and messages per connection.
message_size_limit = 2M
recipients_max = 50
smtp_accept_max = 50
smtp_accept_max_per_connection = 50
smtp_connect_backlog = 50
smtp_accept_max_per_host = 25
split_spool_directory = true
remote_max_parallel = 15

# Local accounts treated as trusted callers. They may supply the envelope
# sender of messages they inject, so keep this list as short as possible.
trusted_users = uucp:mail

smtp_banner = "Welcome on our mail server!\n\
        Have a nice day!\n\n${primary_hostname} ESMTP"

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################
begin acl

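# RCPT-time policy. Statements are tried in order and the first accept or
# deny whose conditions all hold decides the recipient. The final
# unconditional deny makes the ACL fail closed.
#
# The sender-identity checks use eq, not match. match treats its second
# argument as an unanchored regular expression, and a single backslash before
# "." is consumed by string expansion. The old pattern could therefore be
# satisfied by a sender that merely contained "<id>@myhost.ru".
acl_check_rcpt:

# Mail that did not arrive over TCP/IP (empty host field) is accepted.
  accept  hosts = :

# Refuse local parts that contain @ % ! / | or begin with a dot.
  deny    message    = Your name are wrong
      local_parts   = ^.*[@%!/|] : ^\\.

#  deny      message    = HELO/EHLO required by SMTP RFC
#      condition    = ${if eq{$sender_helo_name}{}{yes}{no}}

# NOTE(review): the domains line of the postmaster rule is garbled in the post
# (unbalanced braces, and "+local_match" is not a list defined in this file).
# The root and webmaster rules below use +local_domains. Restore the intended
# value before using this configuration.
  accept  local_parts   = postmaster
      domains       = +local_match {$sender_address_domain}{myhost\.ru

  accept  local_parts   = root
      domains       = +local_domains

  accept  local_parts   = webmaster
      domains       = +local_domains

#  require verify        = sender

#  deny    message        = host is listed in $dnslist_domain
#          dnslists       = sbl.spamhaus.org : \
#                           relays.ordb.org : \
#                           opm.blitzed.org

# These three accepts come before the reject/blacklist lookups and before any
# authentication test, so matching recipients or hosts never reach them.
  accept  domains       = +relay_to_domains

  accept  domains       = +virtual_domains

  accept  hosts         = +relay_from_hosts

# rejecting
    deny    message      = Mail box is closed
        condition    = ${lookup mysql{SELECT * FROM \
            reject WHERE aliases='${quote_mysql:$local_part}@myhost\.ru'}{yes}{no}}

# blacklists
deny      message    = You are in blacklist of recipient
      condition     = ${lookup mysql{SELECT * FROM \
            blacklists WHERE \
                blackaddress='${quote_mysql:$sender_address}' AND \
            userid='${quote_mysql:$local_part}'}{yes}{no}}

# Not nessesary auth.
# NOTE(review): +relay_from_local is referenced here and in the last accept,
# but its hostlist definition is commented out in the main section.
# NOTE(review): the first match applies the looked-up client_idnr as a
# regular expression to the literal "2". Confirm that this is the intended
# test.
  accept  hosts = +relay_from_local
      condition    = ${if and{{match {2}{${lookup mysql{SELECT client_idnr FROM users \
            WHERE userid = '${quote_mysql:$sender_address_local_part}'}}}}\
            {eq {$sender_address_domain}{myhost.ru}}}{yes}{no}}

# Nessesary auth. Local mail
# After endpass, a failed recipient verification or a sender that is not
# exactly <authenticated id>@myhost.ru is denied with the message below.
  accept  domains       = +local_domains
      authenticated = *
          endpass
          message       = User known but not equivalent to sender
          verify        = recipient
      condition    = ${if eq {$sender_address}{$authenticated_id@myhost.ru}{yes}{no}}

# Unauthenticated mail for local domains is accepted only when the sender does
# not claim the local domain.
# NOTE(review): this test is still an unanchored match, so it also fires for
# any sender domain that merely contains the pattern. Replace it with an exact
# comparison once the effect on inbound mail has been checked.
  accept  domains       = +local_domains
          endpass
      message    = Need autentificated
          verify        = recipient
      condition    = ${if !match {$sender_address_domain}{myhost\.ru}{yes}{no}}

# Nessesary auth. Remote mail
# Relaying to any domain requires authentication plus an exact match between
# the envelope sender and the authenticated id.
  accept  hosts        = +relay_from_local
      domains    = *
      authenticated = *
      endpass
          message       = User known but not equivalent to sender
          verify        = recipient
      condition    = ${if eq {$sender_address}{$authenticated_id@myhost.ru}{yes}{no}}

  deny    message       = relay not permitted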
  
##acl_check_data:

# deny  message = This message contains a MIME error ($demime_reason)
#    demime = *
#    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

#  deny  message = This message contains an unwanted file extension
#        demime = scr:vbs

#  deny  message = This message contains malware ($malware_name)
#    demime    = *
#    malware = *
                      
##  accept
  
######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################
                                                                                                                        
begin routers

# Any address in a virtual domain is accepted and handed to virtual_delivery.
# No condition or local_parts test is set, so the local part is not checked.
virtual_router:
  driver = accept
  domains = +virtual_domains
  transport = virtual_delivery

# Non-local domains are routed by DNS. ignore_target_hosts discards DNS
# results that point at 0.0.0.0 or loopback, so a remote zone cannot steer
# delivery back to this machine. no_more stops later routers from being
# tried for these domains.
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

# Remaining addresses are accepted only if the aliases table has an entry
# for the full address or for the bare domain. Both values pass through
# quote_mysql before they reach the SQL text.
dbmail_user:
  driver = accept
  condition = ${lookup mysql{SELECT alias_idnr FROM aliases WHERE \
            alias='${quote_mysql:$local_part@$domain}' OR \
        alias='${quote_mysql:$domain}'}{yes}{no}}
  transport = dbmail_delivery
                                                                                                                                      
######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################
                                                                                                                                      
begin transports
                                                                                                                                      
# Outbound SMTP with driver defaults. No TLS or authentication options are
# set here.
remote_smtp:
    driver = smtp

# Pipe the message to dbmail-smtp as the unprivileged mailnull:mail identity.
# The pipe driver splits the command into arguments before expanding them
# and does not start a shell unless use_shell is set, so $local_part reaches
# the program as argument text, not as shell syntax.
virtual_delivery:
    driver = pipe
    check_string =
    user = mailnull
    group = mail
    command = /usr/local/sbin/dbmail-smtp -d $local_part@myhost.ru
    current_directory = "/var/spool/dbmail"
    escape_string =
    message_prefix =
    message_suffix =
    path = "/bin:/sbin:/usr/local/bin:/usr/local/sbin"

# Same delivery program, with the recipient list taken from $pipe_addresses.
dbmail_delivery:
    driver = pipe
    check_string =
    user = mailnull
    group = mail
    command = /usr/local/sbin/dbmail-smtp -d ${pipe_addresses}
    current_directory = "/var/spool/dbmail"
    escape_string =
    message_prefix =
    message_suffix =
    path = "/bin:/sbin:/usr/local/bin:/usr/local/sbin"

# The three transports below are not referenced by any router in this file.
address_pipe:
    driver = pipe
    return_output

address_file:
    driver = appendfile
    delivery_date_add
    envelope_to_add
    return_path_add

address_reply:
    driver = autoreply
                                                                                                                                                          
######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################
                                                                                                                                                          
begin retry
                                                                                                                                                          
# Domain               Error       Retries
# ------               -----       -------
                                                                                                                                                          
# All domains, all errors: retry every 15 minutes for the first 2 hours, then
# at intervals starting at 1 hour and growing by a factor of 1.5 until 16
# hours, then every 6 hours until 4 days have passed.
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
                                                                                                                                                          
######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################
                                                                                                                                                          
begin rewrite
                                                                                                                                                          
######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################
                                                                                                                                                          
# The authenticators below check SMTP AUTH credentials against the MySQL users table.
                                                                                                                                                          
begin authenticators
                                                                                                                                                          
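# Both mechanisms send the password only base64-encoded, and no tls_* option
# appears in this file. Advertise AUTH on encrypted sessions only, e.g. with
# the main-section option
#   auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
# once TLS has been configured.
#
# AUTH PLAIN authentication method with MySQL used by Netscape Messenger.
# PLAIN carries authzid, authcid and password, exposed as $1, $2 and $3.
# The password is therefore $3. Comparing $2 would test the username against
# the stored hash. crypteq checks it against the first ":"-separated field
# of the passwd column for the quoted userid.
auth_plain:
    driver = plaintext
    public_name = PLAIN
    server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup mysql{SELECT \
        passwd FROM users WHERE userid = '${quote_mysql:$2}'}}}}}{1}{0}}"
    server_set_id = $2

# AUTH LOGIN authentication method with MySQL support used by Outlook Express.
# LOGIN prompts twice, so the username is $1 and the password is $2.
auth_login:
    driver = plaintext
    public_name = LOGIN
    server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup mysql{SELECT \
        passwd FROM users WHERE userid = '${quote_mysql:$1}'}}}}}{1}{0}}"
    server_prompts = "Username:: : Password::"
    server_set_id = $1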
                                                                                                                                                                    
######################################################################
#                   CONFIGURATION FOR local_scan()                   #
######################################################################
                                                                                                                                                                          
# If you have built Exim to include a local_scan() function that contains
# tables for private options, you can define those options here. Remember to
# uncomment the "begin" line. It is commented by default because it provokes
# an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS
# set in the Local/Makefile.
                                                                                                                                                                          
# begin local_scan
                                                                                                                                                                          
# End of Exim configuration file