IRC Archive / Freenode / #exim / 2010 / May / 28 / 1
joh
Hi, our mail gateway is running exim 4.69 and (after filtering for spam) sends mail to our internal groupwise server. Now we'd like to enable authentication against that groupwise server, so we can use the gateway for outgoing e-mail as well. What would be the best way of doing this? Groupwise runs LDAP so we could set up exim to authenticate with that, or alternatively we could have exim use the groupwise smtp server for outgoing e-mail. What would be the
phx
ldap is fine
i did this with exchange
joh
ok?
phx
?
joh
why do you think ldap auth is a better solution than smtp auth?
phx
well, first the smtp auth is using the ldap at its own level. why not using the source? second, i don't think exim can authenticate a user using smtpauth to another host
joh
oh ok
phx
and i think even the idea of using smtpauth from server to an auth source to authenticate a user it's quite weird
joh
yeah, maybe :)
         

phx
http://pastebin.com/FTchHAa0
here's my PLAIN, you might find it useful
the tricky part is, i look up the full CN of the user and i'm using that for binding, instead of constructing it by the input data
so it's a double lookup, but it's useful. empty username problem gets avoided, the user is pre-verified for existence, and we can use our normal login names (the CN contains the full name)
joh
ok, thanks :-)
lau
hello, i am trying to configure a no-reply@my.tld to /dev/null
do you have any documentation to do that ?
phx
lau, just discard it in an ACL
lau
I thought maybe aliases ?
phx
discard local_parts = no-reply\ndomains = my.tld
and that's all
lau
hello phx, thx for your answer, thus the no-reply@my.tld will be a valid address but emails will be discarded (i.e. put to /dev/null) ?
phx
lau, they will be discarded, but /dev/null won't get involved. read the docs
joh
Is it possible to test exim operators somehow without entering them into the configuration?
petemc
exim -be
joh
(i.e. ${quote_ldap_dn: ...; }
petemc
-be does expansion testing
joh
thanks
Hmm, I get this message in the mainlog when trying to authenticate with ldapauth: plain_ldap_server authenticator failed for ([10.8.0.6]) [10.8.0.6]:60367 I=[10.0.0.2]:25: 435 Unable to authenticate at present (set_id=joh): failed to bind the LDAP connection to server obelix:389 - ldap_bind() returned -1
The server_condition works fine with -be
http://pastebin.com/d0PTpvBR
phx
joh, put exim into debug mode
joh
phx: http://pastebin.com/702MUnwg
phx
mhm, exim should say what does ld_errno contain
joh
ld_errno?
phx
and can you bind the same way using ldap_search ?
man ldap_bind
joh
I can bind with both ldapsearch and exim -bp
phx
there must be something different
o=secsystems
isn't that OU or DC?
usually the top section is something DC, as the domain, and within the domain, we have OUs
         

joh
no, it's o=secsystems
dn: cn=joh,ou=brukere,o=secsystems
henk
phx: usually OUs come below Os ;)
phx
okey, i might be lagging behind
henk
o=organization, ou=organizational unit
phx
yeah i know
joh
exim4 -be '${if ldapauth{user="cn=joh,ou=brukere,o=secsystems" pass="asdf" ldap://obelix/}{yes}{no}}' works - returns "no"
and returns "yes" if I enter the correct password
(Action) is puzzled
Ok, error -1 is: Can't contact LDAP server
Maybe some DNS issue?
phx
no
-1 is ldap_bind's return value for errors, and ld_errno contains the actual one
joh
ok, using the IP of obelix worked!
aah
phx
strange
joh
yeah, very strange
What -d flag should I use?
-dauth?
-dall? :P
+all I mean
phx
-d+all for you
joh
http://pastebin.com/aVCWqGma
phx
check it yourself, i'm rolling my afterlunch cig
joh
I am checking it, but there's no ld_errno in the logs :-/
Ah, it's because we use another DNS name - obelix.aptomar
Now it works
phx
fill the search path
joh
Yeah, that's not necessary for a lot of other programs though
like ping, ldapsearch etc
I'm a bit puzzled as to why it worked with -be
phx
i always do it, it provides comfort
joh
ok
lau
how can I direct mails to account@my.tld in a Maildir even if the account is not a system account on the mail server ?
newb0
l
I have a simple machine with Apache. To access Apache I have mycustomname.homeip.net registered at dyndns.com. Now I want use PHP files at Apache and need have "mail()" php function (who uses "mail" command from system) working. My idea: I have a real website (DNS + online host) working, then I want all exim emails be redirected to there
phx
lau, docs
newb0, docsi
s/i//
newb0
I have exim at a Debian machine. I simply need my system messages go to my company email. See, my machine is local, I just want exim send mail to my official mailbox (I will test PHP scripts here too, I want test them). Yesterday somebody told me to execute sudo dpkg-reconfigure exim4-config , I've done it and added mail.myserver.com:my@sendermail.com:password at /etc/exim4/passwd.client.
But EXIM do not send emails, my machine has logs like "Verification failed for <root@machineName>". How can I proceed to have this emails at my e-mail account? I want test PHP files here too, and PHP uses mail program
phx
newb0, docs, and docs, and again the docs. read the docs.
newb0
phx: I tried, but I haven't understood yet how to do this if my local server has only a homeip.net address. I really need some help to continue :(
henk
i helped you with that problem yesterday for about 30 minutes. now you come in and ask _exactly_ what you asked after joining yesterday.
makes me feel that 30 minutes was wasted...
newb0
henk: Hey henk! I didn't see you here today! No, you didn't lose time yesterday! Your help was great! I was just trying to continue that talk
henk: You told me about have another MTA to receive them. I think I have one now, with WHM access
henk: If I understood all right, the MTA who receive fail to verify my local address, correct?
I asked the same thing now because I was thinking explaining the problem from the beginning was best xD
henk: If I understood all right, the MTA who receive fail to verify my local address, correct? /etc/exim4/email-addresses should work for this case?
saulo
I have EXIM using another MTA to send mails, but I'm unable to receive local messages (root@servername, for example), outside. Tried add at /etc/email-addresses my real mail (saulo@mycompany.com), it appear at logs, but I don't receive it. I think it's only local alias. I could add, too, at .forward file at home dir, but some system users has no home dir (222-data, for example)
lau
phx
you're using 4.50?
saulo
phx: 4.71-4 (debian)
lau: opening :)
lau
saulo
*opening the web page :P My connection is going poor here (a lot of time to open) :P
phx
lau, i'm just referring to the routers section
lau, generic routers option, and manualroute
saulo
lau: I could change this config ( file = $home/.forward$local_part_suffix ) to " file = /root/.forward$local_part_suffix " and all users could be forwarded to root config?
lau
saulo, sorry I did not follow your discussion with phx. My concern is about receiving mails with non-system users
phx suggested to read doc, and I was just asking if the doc I am reading is the right one :)
phx
it's pub o'clock, i'm off :)
saulo
ah ok! xD misinterpretation of English (mine) sorry. And yes, I'm trying do the forward to a real address. I understood it's some about where you told me (46.7 Multiple user mailboxes) for " userforward:".
lau: I have my local server and no external mail access. Then I want receive all at my real email, from all system users
lau: .forward file should work, but I don't receive mail from users like www-data (no home dir)
lau: and anyway I should configure .forward for users one by one. I just want receive all in my mailbox :)
mrtuple
how do I instruct exim to initiate the TLS/SSL negotiation immediately, without waiting for a STARTTLS?
... like the swak -tlsc option
hello?