# This is an exim code snippet and part of the # "Debian Exim Secure Authentification Pseudo-HOW-TO" # (see http://ente.limmat.ch/kb/exim/exim_v3_secure_auth.html) # # # !!CHANGE THE SEPARATOR CHARACTER BELOW!! # This is an example file. Replace all occurences of the default # separator character, which is the paragraph sign (§), with the # one your IMAP/POP mailserver supports. The characters ${}"\ and # maybe others must be preceeded by a backslash ("escaped"). See the # exim documentation at http://ente.limmat.ch/doc/exim/manual.html/ # # # # EXAMPLE Server side authentication # Default password file: /etc/cram-md5.pwd # # Plain-text authentication in this configuration only works on TLS # connections, if it is used in unencrypted session, authentication always # fails. A given username is looked up in /etc/cram-md5.pwd and the extracted # cleartext password gets matched against the given secret. # The password file should have user IDs in the first column and plaintext # passwords in the second column, separated by a ???. This file serves as a # password file for exim's cram-md5 authentication mechanism, too. plain: driver = plaintext public_name = PLAIN server_condition = ${if eq{$tls_cipher}{}\ {fail}\ {${if eq{$3}\ {${lookup{$2}lsearch{/etc/cram-md5.pwd}\ {${extract{2}{§}{$value}}\ }\ fail}\ }\ {true}\ fail}\ }\ } server_set_id = $1 login: driver = plaintext public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = ${if eq{$tls_cipher}{}\ {fail}\ {${if eq{$2}\ {${lookup{$1}lsearch{/etc/cram-md5.pwd}\ {${extract{2}{§}{$value}}\ }\ fail}\ }\ {true}\ fail}\ }\ } server_set_id = $1 # CRAM-MD5 needs passwords in clear text in its password file. cramMD5: driver=cram_md5 public_name = CRAM-MD5 server_secret = ${lookup{$1}lsearch{/etc/cram-md5.pwd}\ {${extract{2}{§}{$value}}\ }\ fail} server_set_id = $1