[Pkg-exim4-users] Exim 4 Help
Nick Khamis
nkhamis at symack.com
Wed Feb 1 18:35:44 UTC 2006
Can You Please send me a safe and secure way to setup exim4-daemon-heavy to
allow remote users to send email through our mail server after being AUTH
with plain text that is encypted using TLS/SSL. What I am having dificulty
in doing is
1. getting port 465 open - When I nmap localhost I don't see port 465 open,
should I just open the port using inted or create /etc/xinted/exim file with
the ssl-smtp service.
2. when I issue the command telnet loalhost 25 I am getting
--------------------------------------------------------------------------------
250-ms1.symack.com Hello root at ms1.symack.com [127.0.0.1]
250-SIZE 20971520
250-PIPELINING
250-AUTH PLAIN
250 HELP
------------------------------------------------------------------------------
I am not getting the STARTTLS
3. I am having this error that is killing me in mainlog file
2006-01-31 15:29:39 TLS error on connection from ms1.symack.com [192.168.1.11]
(no TLS server certificate is specified).
I have TLS_CERTIFICATE option pointing to the right file
I love Debian and it's cause, I run my web server using debian I am just
trying to offer my customers email for obvious reasons. I just don't want
people to relay messages "spam" from the email server so what I am asking for
is a step by step method to setup exim 4.5 to relay message for remote users
that have been AUTH using plain text which is encypted by self signed
certificate.
1. What do I need to do in exim.conf to enable TLS
2. " " " " " " for Plain Text AUTH
3. How to setup self signed with openssl Certificates and Keys that exim
"likes"
Don;t get me wrong I have been researching the documents and forums and
configured exim.conf file in conjunction with. All that is not working is
the STARTTLS and proper Certificate. The attachment is my exim.conf file and
xinetd. Please, you help will be greatly appreciated.
A little About myself
My name is Nick Khamis <www.symack.com> I am 17 years old trying to setup a
web server "Successful in doing so" and email server "Almost there". And with
you help I beleive I can complete the last little link.
Thank You Very Much
Nick Khamis
-------------- next part --------------
#########
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# this file is generated dynamically from the files in
# CONFDIR/conf.d/ or /etc/exim4/exim4.conf.template respectively and
# /etc/exim4/update-exim4.conf.conf
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
#########
never_users = root
# Incoming tweaks
#
# Max number of simultaneous SMTP calls to accept
# (aka max number of exim processes) Default is 20
smtp_accept_max = 20
# Max number of waiting SMTP connections.
# Gives some protection against denial-of-service attacks by SYN flooding
# Default is 20
smtp_connect_backlog = 20
# Max number of MAIL commands that Exim is prepared to accept over a
# single SMTP connection, after which a 421 is given. Default is 1000
smtp_accept_max_per_connection = 100
# Max number of simultaneous incoming SMTP calls before messages
# are just placed on the queue. Default is 0 (no limit)
smtp_accept_queue = 150
# Max number of delivery processes that Exim starts automatically when
# receiving messages via SMTP before starting to queue. Default is 10
smtp_accept_queue_per_connection = 15
# When smtp_accept_max is set greater than zero, this option specifies a
# number of SMTP connections that are reserved for connections from the
# hosts that are specified in smtp_reserve_hosts. Default is 0
#smtp_accept_reserve = 0
# Hosts for which SMTP connections are reserved (host list, expanded)
# Default is unset
#smtp_reserve_hosts =
# Max system load before not accepting SMTP calls,
# except for hosts defined in smtp_reserve_hosts
# Default is unset (fixed point)
#smtp_load_reserve
# Check disk resources before accepting mail
# A 452 temporary error response for SMTP.
# A message to stderr and return of non-zero for BSMTP.
# Check spool partion
# Default for all is 0
check_spool_inodes = 100
check_spool_space = 20M
# Check log file partion
# Set only if on a different disk than the spool
check_log_inodes = 2048
check_log_space = 3M
# Max message size to accept
# Default is 50M
message_size_limit = 20M
# Max bounce message size to send
# Default is 100K
return_size_limit = 10K
# Alternative to return_size_limit is to set
#bounce_return_message = false
# Time to wait for ident query response
# Default is 30s
rfc1413_query_timeout = 10s
#
# Clean up tweaks
#
# Redundant pairs of angle brackets around addresses are removed
# Default is false
strip_excess_angle_brackets = true
# Ignore a trailing dot at the end of a domain in an address
# Default is false
strip_trailing_dot = true
#
# Processing tweaks
#
# Intervals a warning message to the sender when there is a delay
# Default is 24h
delay_warning = 2h:8h:24h:48h
# Who to send a mail to when a message is frozen
freeze_tell = postmaster
# Time before a queue runner will try a new delivery attempt
# on any frozen message. Default is 0s
auto_thaw = 4d
# Retry a bounce message delivery and fail if not delivered
# Default is 10w
ignore_bounce_errors_after = 3d
# If a frozen message of any description that has been on the
# queue for longer than the given time is automatically cancelled
# at the next queue run. Default is 0s
timeout_frozen_after = 5d
# Abandon queue runs if system load is greater than this
# Default is unset
deliver_queue_load_max = 20
# If system load is higher than this queue incoming messages
# Default is unset
queue_only_load = 20
# Max queue-runner processes to run simultaneously
# Default is 5
queue_run_max = 30
#I Also Added
primary_hostname = ms1.symack.com
exim_path = /usr/sbin/exim4
.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif
.ifndef DC_minimaldns
.endif
.ifndef DC_visiblename
DC_visiblename=ms1.symack.com
.endif
.ifndef MAIN_LOCAL_DOMAINS
MAIN_LOCAL_DOMAINS = @:localhost
.endif
domainlist local_domains = @:symack.com:bullardbrothers.com
.ifndef MAIN_RELAY_TO_DOMAINS
MAIN_RELAY_TO_DOMAINS = @:localhost
.endif
domainlist relay_to_domains = symack.com:bullardbrothers.com
.ifndef MAIN_RELAY_NETS
MAIN_RELAY_NETS =
.endif
#hostlist relay_from_hosts = 127.0.0.1 : ::::1 : MAIN_RELAY_NETS
# Accept from all
hostlist relay_from_hosts = *
# Or Accept only from specified (ex localhost can send to relay_to_domains)
#hostlist relay_from_hosts = 127.0.0.1
.ifdef DC_visiblename
qualify_domain = DC_visiblename
.endif
.ifndef DCreadhost
DCreadhost =
.endif
.ifndef DCsmarthost
DCsmarthost =
.endif
.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.else
.endif
.ifndef LOCAL_DELIVERY
LOCAL_DELIVERY=maildir_home
.endif
gecos_pattern = ^([^,:]*)
gecos_name = $1
.ifndef DCconfig_satellite
.ifndef DCconfig_internet
.ifndef DCconfig_local
.ifndef DCconfig_smarthost
DCconfig_internet = 1
.endif
.endif
.endif
.endif
.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|\'`#&?]
.endif
.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!\'`#&?] : ^.*/\\.\\./
.endif
.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT
.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA
.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif
.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif
.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif
.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim4
.endif
spool_directory = SPOOLDIR
.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif
.ifdef MAIN_TLS_ENABLE
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = /etc/ssl/certs/rsa.pem
.endif
tls_certificate = MAIN_TLS_CERTIFICATE
.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = /etc/ssl/certs/rsa-key.pem
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
{/etc/ssl/certs/ca-certificates.crt}\
{/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES
.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif
.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
MAIN_TLS_TRY_VERIFY_HOSTS = *
.endif
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
.endif
begin acl
acl_whitelist_local_deny:
accept
hosts = ${if exists{CONFDIR/local_host_whitelist}\
{CONFDIR/local_host_whitelist}\
{}}
accept
senders = ${if exists{CONFDIR/local_sender_whitelist}\
{CONFDIR/local_sender_whitelist}\
{}}
.ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.endif
acl_check_rcpt:
accept
hosts = @:symack.com:bullardbrothers.com
warn
hosts = +relay_from_hosts
control = submission/sender_retain
.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
domains = +local_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif
.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
domains = !+local_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif
accept
.ifndef CHECK_RCPT_POSTMASTER
local_parts = postmaster:nkhamis:dougsmith
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
domains = +local_domains
deny
message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_whitelist_local_deny
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}
deny
message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
!acl = acl_whitelist_local_deny
hosts = ${if exists{CONFDIR/local_host_blacklist}\
{CONFDIR/local_host_blacklist}\
{}}
.ifdef CHECK_RCPT_VERIFY_SENDER
deny
message = Sender verification failed
!acl = acl_whitelist_local_deny
!verify = sender
.endif
deny
!acl = acl_whitelist_local_deny
senders = ${if exists{CONFDIR/local_sender_callout}\
{CONFDIR/local_sender_callout}\
{}}
!verify = sender/callout
deny
!acl = acl_whitelist_local_deny
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
{CONFDIR/local_rcpt_callout}\
{}}
!verify = recipient/callout
.ifdef CHECK_RCPT_REVERSE_DNS
warn
message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
{yes}{no}}
.endif
.ifdef CHECK_RCPT_IP_DNSBLS
warn
message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
dnslists = CHECK_RCPT_IP_DNSBLS
.endif
.ifdef CHECK_RCPT_DOMAIN_DNSBLS
warn
message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
!senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
{CONFDIR/local_domain_dnsbl_whitelist}\
{}}
dnslists = CHECK_RCPT_DOMAIN_DNSBLS/$sender_address_domain
.endif
.ifdef CHECK_RCPT_LOCAL_ACL_FILE
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif
accept
domains = +local_domains
endpass
message = unknown user
verify = recipient
accept
domains = +relay_to_domains
endpass
.ifdef CHECK_RCPT_GIVE_UNKNOWN_USER
message = ${if eq{$acl_verify_message}{Unrouteable address}{unknown user}{$acl_verify_message}}
.else
message = unrouteable address
.endif
verify = recipient
accept
hosts = +relay_from_hosts
accept
authenticated = *
deny
message = relay not permitted
acl_check_data:
.ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
deny
message = Message headers fail syntax check
!acl = acl_whitelist_local_deny
!verify = header_syntax
.endif
.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
deny
message = No verifiable sender address in message headers
!acl = acl_whitelist_local_deny
!verify = header_sender
.endif
.ifdef CHECK_DATA_LOCAL_ACL_FILE
.include CHECK_DATA_LOCAL_ACL_FILE
.endif
accept
begin routers
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
domain_literal:
debug_print = "R: domain_literal for $local_part@$domain"
driver = ipliteral
domains = ! +local_domains
transport = remote_smtp
.endif
hubbed_hosts:
debug_print = "R: hubbed_hosts for $domain"
driver = manualroute
domains = "${if exists{CONFDIR/hubbed_hosts}\
{partial-lsearch;CONFDIR/hubbed_hosts}\
fail}"
route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
transport = remote_smtp
.ifdef DCconfig_internet
dnslookup_relay_to_domains:
debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more
dnslookup:
debug_print = "R: dnslookup for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
same_domain_copy_routing = yes
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
no_more
.endif
.ifdef DCconfig_local
nonlocal:
debug_print = "R: nonlocal for $local_part@$domain"
driver = redirect
domains = ! +local_domains
allow_fail
data = :fail: Mailing to remote domains not supported
no_more
.endif
.ifdef DCconfig_smarthost DCconfig_satellite
smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
no_more
.endif
real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
domains = +local_domains
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY
system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
domains = +local_domains
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
.ifdef SYSTEM_ALIASES_USER
user = SYSTEM_ALIASES_USER
.endif
.ifdef SYSTEM_ALIASES_GROUP
group = SYSTEM_ALIASES_GROUP
.endif
.ifdef SYSTEM_ALIASES_FILE_TRANSPORT
file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
.endif
.ifdef DCconfig_satellite
hub_user:
debug_print = "R: hub_user for $local_part@$domain"
driver = redirect
domains = +local_domains
data = ${local_part}@DCreadhost
check_local_user
hub_user_smarthost:
debug_print = "R: hub_user_smarthost for $local_part@$domain"
driver = manualroute
domains = DCreadhost
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
check_local_user
.endif
userforward:
debug_print = "R: userforward for $local_part@$domain"
driver = redirect
domains = +local_domains
check_local_user
file = $home/.forward
no_verify
no_expn
check_ancestor
allow_filter
directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
skip_syntax_errors
syntax_errors_to = real-$local_part@$domain
syntax_errors_text = \
This is an automatically generated message. An error has\n\
been found in your .forward file. Details of the error are\n\
reported below. While this error persists, you will receive\n\
a copy of this message for every message that is addressed\n\
to you. If your .forward file is a filter file, or if it is\n\
a non-filter file containing no valid forwarding addresses,\n\
a copy of each incoming message will be put in your normal\n\
mailbox. If a non-filter file contains at least one valid\n\
forwarding address, forwarding to the valid addresses will\n\
happen, and those will be the only deliveries that occur.
procmail:
debug_print = "R: procmail for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = procmail_pipe
require_files = ${local_part}:\
${if exists{/etc/procmailrc}\
{/etc/procmailrc}{${home}/.procmailrc}}:\
+/usr/bin/procmail
no_verify
no_expn
maildrop:
debug_print = "R: maildrop for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = maildrop_pipe
require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
no_verify
no_expn
local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
local_parts = ! root
transport = LOCAL_DELIVERY
mail4root:
debug_print = "R: mail4root for $local_part@$domain"
driver = redirect
domains = +local_domains
data = /var/mail/mail
file_transport = address_file
local_parts = root
user = mail
group = mail
begin transports
address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_pipe:
debug_print = "T: address_pipe for $local_part@$domain"
driver = pipe
return_fail_output
address_reply:
debug_print = "T: autoreply for $local_part@$domain"
driver = autoreply
mail_spool:
debug_print = "T: appendfile for $local_part@$domain"
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660
mode_fail_narrower = false
maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
.ifdef MAILDIR_HOME_MAILDIR_LOCATION
directory = MAILDIR_HOME_MAILDIR_LOCATION
.else
directory = $home/Maildir
.endif
.ifdef MAILDIR_HOME_CREATE_DIRECTORY
create_directory
.endif
.ifdef MAILDIR_HOME_CREATE_FILE
create_file = MAILDIR_HOME_CREATE_FILE
.endif
delivery_date_add
envelope_to_add
return_path_add
maildir_format
.ifdef MAILDIR_HOME_DIRECTORY_MODE
directory_mode = MAILDIR_HOME_DIRECTORY_MODE
.else
directory_mode = 0700
.endif
.ifdef MAILDIR_HOME_MODE
mode = MAILDIR_HOME_MODE
.else
mode = 0600
.endif
mode_fail_narrower = false
maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
return_path_add
delivery_date_add
envelope_to_add
procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add
remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
tls_tempfail_tryclear = false
address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
envelope_to_add = true
return_path_add = true
check_string = ""
escape_string = ""
maildir_format
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail} Ffrs
*@ms1.symack.com ${lookup{${local_part}}lsearch{/etc/email-addresses}{$value}fail} Ffrs
begin authenticators
#cram_md5:
# driver = cram_md5
# public_name = CRAM-MD5
# client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}#
# client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
plain:
driver = plaintext
public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
client_send = "${if !eq{$tls_cipher}{}{\
^${extract{1}{::}\
{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
^${extract{2}{::}\
{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
}fail}"
.else
client_send = "^${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}^${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.endif
login:
driver = plaintext
public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
client_send = "${if !eq{$tls_cipher}{}{}fail}\
: ${extract{1}{::}\
{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
: ${extract{2}{::}\
{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.else
client_send = ": ${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} : ${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.endif
# AUTH stuff here
fixed_plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if and {{eq{$2}{nkhamis}}{eq{$3}{Shlemon1}}}{yes}{no}}
server_set_id = $2
-------------- next part --------------
service exim-ssl
{
socket_type= stream
protocol = tcp
port = 465
user = root
server = /usr/bin/exim4
server_args = -bs -tls-on-connect
wait = no
}
More information about the Pkg-exim4-users
mailing list