Mailing List Archive

Virtual domains and plain/login authentication
Actually I'm trying to set up an Exim server for multiple domains, so I did
this:

Change the "local_delivery" "file" to
/var/spool/main/${domain}/${local_part}

And it works pretty fine so I have the domain mails separated.

The wrong thing comes here: I put the following in the login: section

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/virtual-domains/${domain}/passwd}{$value}{*:*}}}}}{1}{0}}"
server_set_id = $1

( Note the ${domain} in the server_condition )

I think it should work but I get this log:

2002-06-27 13:46:13 Authentication failed for pasarela2.bingdata.net (victor) [213.0.106.196]: 435 Unable to authenticate at present: failed to open /etc/virtual-domains//passwd for linear search: No such file or directory


I presume the variable ${domain} is not present in the login namespace so I
wonder if there's a way to do this thing...


Thanks in advance
Re: Virtual domains and plain/login authentication
> I presume the variable ${domain} is not present in the login namespace so I
> wonder if there's a way to do this thing...

I could be barking up the wrong tree here, not being an Exim expert
yet, and having only been on this list for 20 minutes maybe I should keep
quiet, so take this with a bag of salt, but....

surely the smtp authentication occurs before the MAIL / RCPT line - and
surely these are used to determine the 'destination domain'.

In fact isn't this the same 'protocol problem' that HTTPS (and SMTPS?)
has where the SSL is negotiated before the server is told of the virtual
host identification, so it can only ever reply with one generic certificate.

Again, here, this occurs before the virtualhost is specified (in the
RCPT TO list presumably) therefore you cannot make any reasonable
decisions on this at authentication time...?

Someone dispel my illusions or back me up please :D

(i.e., surely it's technically impossible without implementing alternate
methods of virtual hosting - 'trap' the DNS request from an IP :P )

Iain
Re: Virtual domains and plain/login authentication
On Thu, 27 Jun 2002, Víctor Romero wrote:

> The wrong thing comes here: I put the following in the login: section
>
> login:
> driver = plaintext
> public_name = LOGIN
> server_prompts = "Username:: : Password::"
> server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/virtual-domains/${domain}/passwd}{$value}{*:*}}}}}{1}{0}}"
> server_set_id = $1
>
> ( Note the ${domain} in the server_condition )
>
> I think it should work but I get this log:
>
> 2002-06-27 13:46:13 Authentication failed for pasarela2.bingdata.net (victor) [213.0.106.196]: 435 Unable to authenticate at present: failed to open /etc/virtual-domains//passwd for linear search: No such file or directory
>
> I presume the variable ${domain} is not present in the login namespace so I
> wonder if there's a way to do this thing...

you've gone wrong at an important place here (at least, that's what i
think. it's a common enough problem, that makes me presume that ;)

{${extract{1}{:}{${lookup{$1}lsearch{/etc/virtual-domains/${domain}/passwd}{$value}{*:*}}

if your password file looks like

username:(encrypted)password

which i suppose it does, then this extract{} stuff is most irrelevant
here. i once posted a verbose-ish explanation why it is so, you might
want to search for that. (fact is i'm too lazy to look for it myself
or write it again :) in short, don't extract. just lsearch.

wrt $domain being present, i think it's not there, you're right in
this point. authentication goes by usernames and passwords. you don't
even know (hence you can't have) the domain at the auth stage.


Re: Virtual domains and plain/login authentication
> >
> > 2002-06-27 13:46:13 Authentication failed for pasarela2.bingdata.net (victor) [213.0.106.196]: 435 Unable to authenticate at present: failed to open /etc/virtual-domains//passwd for linear search: No such file or directory
> >
> >
> > I presume the variable ${domain} is not present in the login namespace
> > so I wonder if there's a way to do this thing...
>
> you've gone wrong at an important place here (at least, that's what i
> think. it's a common enough problem, that makes me presume that ;)
>
> {${extract{1}{:}{${lookup{$1}lsearch{/etc/virtual-domains/${domain}/passwd}{$value}{*:*}}
>
> if your password file looks like
>
> username:(encrypted)password
>
> which i suppose it does, then this extract{} stuff is most irrelevant
> here. i once posted a verbose-ish explanation why it is so, you might
> want to search for that. (fact is i'm too lazy to look for it myself
> or write it again :) in short, don't extract. just lsearch.
>
> wrt $domain being present, i think it's not there, you're right in
> this point. authentication goes by usernames and passwords. you don't
> even know (hence you can't have) the domain at the auth stage.

Really the extract is not a problem (in fact it's the example of the sample
config); the main problem I have is the lack of ${domain}...

So I need to authenticate virtual domain users and don't want to have them all
in the same file, just want to have it in "/etc/exim/domain/passwd" instead of
"/etc/exim/passwd" (I need it to do a trick with teapop and have working
virtual domains in POP3 too).

Maybe I'm totally wrong; is there another elegant way to do virtual domain
SMTP authentication?

Greetings
Re: Virtual domains and plain/login authentication
On Thu, 27 Jun 2002, Víctor Romero wrote:

>
> Really the extract is not a problem (in fact it's the example of the sample

depends. if you have the password file in the format i suggested, then
the extract is a problem. you can argue about that, but that doesn't
make it a no-problem. no one can judge it until you share what your
password file looks like.

> Maybe I'm totally wrong; is there another elegant way to do virtual domain
> SMTP authentication?

use the full email address as the username. that you can chunk in
pieces if you want to keep the structure that you have (that your
snippet suggests at least).


RE: Virtual domains and plain/login authentication
This one works for me. The paths are different but the concept is the same.
(BTW, I didn't write this...props to Michael!)

=C=

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if and{ {!eq{$1}{}}{!eq{$2}{}} \
{crypteq {$2} {${lookup {${local_part:$1}} lsearch \
{/etc/virtual/${domain:$1}/passwd}\
{$value} {*:*}}}} } {1}{0}}"
server_set_id = $1

*
* Cal Evans
* Journeyman Programmer
* Techno-Mage
* http://www.calevans.com
*


-----Original Message-----
From: exim-users-admin@exim.org [mailto:exim-users-admin@exim.org]On
Behalf Of Victor Romero
Sent: Thursday, June 27, 2002 4:54 AM
To: exim-users@exim.org
Subject: [Exim] Virtual domains and plain/login authentication



Re: Virtual domains and plain/login authentication
On Thu, 27 Jun 2002, Iain Price wrote:

> surely the smtp authentication occurs before the MAIL / RCPT line - and
> surely these are used to determine the 'destination domain'.

Yup.

> Someone dispel my illusions or back me up please :D

Not bad for someone who's only 20 minutes old. :-)


--
Philip Hazel University of Cambridge Computing Service,
ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
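
The lookup this thread converges on, modelled in Python as an added example (not code from the list or from Exim): AUTH runs before MAIL and RCPT, so the domain can only come from the username, and here it is matched against the directories that actually exist under the base path before it is used in a file name. The function names, sample domains and placeholder hash strings are constructed, the line matching is a simplification of lsearch, and the password comparison that crypteq performs is left out.

```python
import os
import tempfile

def split_auth_user(auth_user):
    """Model of ${local_part:$1} and ${domain:$1}: split at the last '@'."""
    local, sep, domain = auth_user.rpartition("@")
    return (local, domain.lower()) if sep else (auth_user, "")

def passwd_file_for(auth_user, base):
    """Return the per-domain passwd path, or None if the domain is not hosted.

    The directory name is taken from os.listdir(base), never from the client,
    so 'user@../../etc' or an empty domain cannot select a file outside base.
    """
    local, domain = split_auth_user(auth_user)
    if not local or not domain:
        return None                      # bare 'victor': no domain at AUTH time
    for entry in os.listdir(base):       # only names that really exist qualify
        if entry.lower() == domain and os.path.isdir(os.path.join(base, entry)):
            return os.path.join(base, entry, "passwd")
    return None

def stored_hash(auth_user, base):
    """Simplified lsearch: first line whose key equals the local part."""
    path = passwd_file_for(auth_user, base)
    if path is None or not os.path.isfile(path):
        return None
    local, _ = split_auth_user(auth_user)
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            key, sep, value = line.rstrip("\n").partition(":")
            if sep and key.strip() == local:
                return value.strip()
    return None

def build_sample_tree():
    """Constructed sample data: two hosted domains with the same local part."""
    base = tempfile.mkdtemp(prefix="virtual-")
    for domain, crypt_field in (("example.org", "HASH-ORG"), ("example.net", "HASH-NET")):
        os.mkdir(os.path.join(base, domain))
        with open(os.path.join(base, domain, "passwd"), "w", encoding="utf-8") as fh:
            fh.write(f"victor:{crypt_field}\n")
    return base

if __name__ == "__main__":
    base = build_sample_tree()
    for user in ("victor", "victor@example.org", "victor@EXAMPLE.NET", "victor@../../etc"):
        print(f"{user!r:24} -> {stored_hash(user, base)!r}")
```

A bare username yields no file at all, which is the case behind the `/etc/virtual-domains//passwd` error in the original log.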
Re: Virtual domains and plain/login authentication
On Thu, 27 Jun 2002, Tamas TEVESZ wrote:

> On Thu, 27 Jun 2002, Víctor Romero wrote:
>
> > The wrong thing comes here: I put the following in the login: section
> >
> > login:
> > driver = plaintext
> > public_name = LOGIN
> > server_prompts = "Username:: : Password::"
> > server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/virtual-domains/${domain}/passwd}{$value}{*:*}}}}}{1}{0}}"
> > server_set_id = $1
> >
> > ( Note the ${domain} in the server_condition )
> >
> > I think it should work but I get this log:
> >
> > 2002-06-27 13:46:13 Authentication failed for pasarela2.bingdata.net (victor) [213.0.106.196]: 435 Unable to authenticate at present: failed to open /etc/virtual-domains//passwd for linear search: No such file or directory
> >
> > I presume the variable ${domain} is not present in the login namespace so I
> > wonder if there's a way to do this thing...
>
> you've gone wrong at an important place here (at least, that's what i
> think. it's a common enough problem, that makes me presume that ;)
>
> {${extract{1}{:}{${lookup{$1}lsearch{/etc/virtual-domains/${domain}/passwd}{$value}{*:*}}
>
> if your password file looks like
>
> username:(encrypted)password
>
> which i suppose it does, then this extract{} stuff is most irrelevant
> here. i once posted a verbose-ish explanation why it is so, you might
> want to search for that. (fact is i'm too lazy to look for it myself
> or write it again :) in short, don't extract. just lsearch.
>
> wrt $domain being present, i think it's not there, you're right in
> this point. authentication goes by usernames and passwords. you don't
> even know (hence you can't have) the domain at the auth stage.
>

Yes, the user would have to supply USER@DOMAIN and PASSWORD. You do
realize this is only for authenticated sending, and has nothing to do
with mail retrieval, right? You have to have a separate
POP/IMAP/webmail/local client for accessing mail.

