Exim authentication under FreeBSD

Odhiambo Washington odhiambo at gmail.com
Thu Jan 25 17:47:36 UTC 2018

On 25 January 2018 at 20:23, Frank Leonhardt <frank2 at fjl.co.uk> wrote:

> On 2018-01-25 15:28, Vincent Hoffman-Kazlauskas wrote:
>> On 25/01/2018 14:32, Frank Leonhardt wrote:
>>> On 2018-01-25 14:14, Lena at lena.kiev.ua wrote:
>>>> From: Frank Leonhardt <frank2 at fjl.co.uk>
>>>>> How do people do outgoing SMTP user-account authentication using Exim?
>>>>> I'm talking about traditional user accounts (/etc/passwd) here, not
>>>>> glorious LDAP or SQL database virtual users. If you've not come across
>>>>> this little problem-ette, Exim does not ever run as root and therefore
>>>>> can't check /etc/master.passwd like sendmail/saslauthd can.
>>>> I run a POP3 server (port mail/popa3d) on the same machine
>>>> and use obsolete removed port security/pam_pop3 with Exim's
>>>> server_condition = ${if pam{
>>>> and /etc/pam.d/exim :
>>>> auth required /usr/local/lib/pam_pop3.so hostname=localhost info
>>>> pwprompt=Password: timeout=5
>>>> account required pam_permit.so
>>> Thanks. This exact method is actually in the Exim documentation, but as
>>> you state, the port no longer exists.
>> I dont use exim on freebsd but
>> https://github.com/Exim/exim/wiki/AuthenticatedSmtpUsingSaslauthd
>> suggests you could use it with cyrus-sasl-authd which is an option in
>> the port has that as an option in "make config" but not selected by
>> default.
>> Another option the port has is dovecot auth if you run dovecot imap/pop3
>> https://wiki.dovecot.org/HowTo/EximAndDovecotSASL
>> I use the dovecot sasl with postfix happily, but as I said I've not
>> tried exim.
> Thanks. It's not the same on FreeBSD but it is possible to get it working
> with a bit of fiddling (i.e. add the third parameter which it will use to
> select the appropriate PAM module from /etc/pam.d/xxxx).
> There used to be a system called pwcheck but this is now deprecated by
> Exim; hence the question - what are other people doing?
> You can, theoretically, have Dovecot authenticate it (according to the
> Dovecot documentation). That's fine if you're running a IMAP/POP3 server on
> the same box.
> Regards, Frank.
If you are not running an IMAP4/POP3 on the server, I still think it's
trivial to generate a username:password pair from /etc/master.passwd and
create a file that is only readable by the Exim user and use that for auth
using a lookup passwd method. I remember doing that many years ago.

Best regards,
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

More information about the freebsd-questions mailing list