This page shows the differences between two versions.
lpi2:exim4-sasl [2015/05/21 09:41] |
lpi2:exim4-sasl [2015/05/21 09:41] (current) |
||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
+ | Todo: DH-Parameter einbinden | ||
+ | |||
+ | ====== Benutzerauthentifizierung für exim4 ====== | ||
+ | Vorraussetzung: [[exim4]] [[sasl]] | ||
+ | |||
+ | Empfohlen wird die Verwendung von [[SSL]] | ||
+ | |||
+ | ===== Benötigte Pakete ===== | ||
+ | Debian ( ab 4.0 ): | ||
+ | exim4 sasl2-bin | ||
+ | |||
+ | |||
+ | ===== Konfiguration exim4 ===== | ||
+ | ''/etc/exim4/conf.d/auth/30_exim4-config_examples'' : | ||
+ | ( einfach Kommentarzeichen entfernen ) | ||
+ | <file> | ||
+ | plain_saslauthd_server: | ||
+ | driver = plaintext | ||
+ | public_name = PLAIN | ||
+ | server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}} | ||
+ | server_set_id = $auth2 | ||
+ | server_prompts = : | ||
+ | .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS | ||
+ | server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} | ||
+ | .endif | ||
+ | |||
+ | login_saslauthd_server: | ||
+ | driver = plaintext | ||
+ | public_name = LOGIN | ||
+ | server_prompts = "Username:: : Password::" | ||
+ | # don't send system passwords over unencrypted connections | ||
+ | server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}} | ||
+ | server_set_id = $auth1 | ||
+ | .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS | ||
+ | server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} | ||
+ | .endif | ||
+ | </file> | ||
+ | |||
+ | ''/etc/exim4/conf.d/main/000_localmacros'' : ( nur ohne [[SSL]] notwendig ) | ||
+ | <file> | ||
+ | AUTH_SERVER_ALLOW_NOTLS_PASSWORDS="true" | ||
+ | </file> | ||
+ | |||
+ | update-exim4.conf | ||
+ | /etc/init.d/exim4 reload | ||
+ | |||
+ | ===== Testen ===== | ||
+ | ==== Benötigte Pakete ==== | ||
+ | Debian: | ||
+ | swaks oder libmime-perl oder metamail | ||
+ | |||
+ | ==== swaks ==== | ||
+ | swaks -f from@example.com -t to@example.com -s localhost -a -au nutzer14 -ap test -apt | ||
+ | |||
+ | ==== netcat / telnet ==== | ||
+ | Encodiertes Passwort erzeugen: | ||
+ | perl -MMIME::Base64 -e 'print encode_base64("iw\0iw\0passwort")' | ||
+ | oder: | ||
+ | echo -en "iw\0iw\0passwort" | mimencode | ||
+ | |||
+ | Authentifizierung testen: | ||
+ | netcat -v localhost 25 | ||
+ | 220 notebook12.linuxhotel.de ESMTP Postfix (Debian/GNU) | ||
+ | EHLO localhost | ||
+ | 250-localhost | ||
+ | 250-AUTH LOGIN PLAIN | ||
+ | AUTH PLAIN aXcAaXcAdGVzdA== | ||
+ | 235 Authentication successful | ||
+ | |||
+ | ===== Dokumentation ===== | ||
+ | ==== Debian ==== | ||
+ | * /usr/share/doc/sasl2-bin/README.Debian | ||
+ | * /usr/share/doc/exim4-base/README.Debian.gz | ||
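
Review bot: The `000_localmacros` block defines `AUTH_SERVER_ALLOW_NOTLS_PASSWORDS="true"`, the macro both `.ifndef` guards test. With it set, the advertise condition on `$tls_cipher` drops out of both authenticators and PLAIN and LOGIN are offered on unencrypted connections, where the password checked by saslauthd crosses the wire as reversible base64. The page only recommends [[SSL]]; I would document TLS as the default path and mark this macro as a setting for local tests only. In `login_saslauthd_server`, the comment `# don't send system passwords over unencrypted connections` sits above `server_condition`; it belongs directly above the `.ifndef` block it describes. In the netcat test, the sample session shows a Postfix banner on an exim4 page, and `aXcAaXcAdGVzdA==` decodes to iw\0iw\0test while the two encoding commands above use "passwort", so the transcript should be regenerated to match the commands. Minor: "Vorraussetzung" should be "Voraussetzung".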