Pkg exim4 users - Aug 2005 - I don''t succed to use tls + auth pam for relay

You''re right, excepted i read the doc ;)

The problem is that the file generated doesn''t corresponds to my conf
files!

I add a file :
login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = Username:: : Password::
    server_condition = ${if pam{$1:${sg{$2}{:}{::}}}   \
                            {yes}{no} }
    server_set_id = $1

plain:
    driver = plaintext
    public_name = PLAIN
    server_prompts = Username:: : Password::
    server_condition = ${if pam{$1:${sg{$2}{:}{::}}}   \
                            {yes}{no} }
    server_set_id = $1



It is not cat to the generated file .... so i agree, that there is not
authenticators.
I miss special debian exim4 documentation!

I never saw in docs information about
/etc/exim4/exim4.conf.localmacros
/etc/exim4/hubbed_hosts

etc.

Mathieu

Marc Haber a ?crit :
>On Mon, Aug 29, 2005 at 05:30:04PM +0200, mathieu ruellan wrote:
>
>
>>no 250-AUTH line appears :(
>>
>>
>
>AUTH is only advertised when AUTH is configured.
>
>
>
>>Debian-exim is added in the shadow group ...
>>and I add file /etc/pam.d/exim :
>>
>>
>
>Bad idea. See the docs.
>
>
>
>>If somebody can have a look to my /var/lib/exim4/config.autogenerated
(i''m using splited files) ...
>>
>>
>
>YOu have very obviously missed to read the docs, and didn''t
configure any
server authenticators.
>
>Greetings
>Marc
>
>
>




-- 
Mathieu Ruellan
mathieu.ruellan@breizh-biniou.dyndns.org

On Tue, Aug 30, 2005 at 09:42:14AM +0200, mathieu ruellan
wrote:
> You''re right, excepted i read the doc ;)
Including /usr/share/doc/exim4-base/README.SMTP-AUTH and
/etc/exim4/conf.d/auth/30_exim4-config_examples?
> The problem is that the file generated doesn''t corresponds to my
conf files!
That''s bad.
> I add a file :
> login:
>     driver = plaintext
>     public_name = LOGIN
>     server_prompts = Username:: : Password::
>     server_condition = ${if pam{$1:${sg{$2}{:}{::}}}   \
>                             {yes}{no} }
>     server_set_id = $1
> 
> plain:
>     driver = plaintext
>     public_name = PLAIN
>     server_prompts = Username:: : Password::
>     server_condition = ${if pam{$1:${sg{$2}{:}{::}}}   \
>                             {yes}{no} }
>     server_set_id = $1
Where did you add it, and what is the name of the file?

Please notice that the login: and plain: authenticator names are
already taken for the client side authenticators in the default
configuration.
> It is not cat to the generated file .... so i agree, that there is not
> authenticators.
> I miss special debian exim4 documentation!
> 
> I never saw in docs information about
> /etc/exim4/exim4.conf.localmacros
documented in /usr/share/doc/exim4-base/README.Debian.gz line 273ff
> /etc/exim4/hubbed_hosts
documented in the configuration file, directly above the router
definition.
> etc.
documented in http://en.wikipedia.org/wiki/Etc

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Marc Haber said:
> On Tue, Aug 30, 2005 at 09:42:14AM +0200, mathieu ruellan wrote:
>> You''re right, excepted i read the doc ;)
>
> Including /usr/share/doc/exim4-base/README.SMTP-AUTH and
> /etc/exim4/conf.d/auth/30_exim4-config_examples?
>
Yes, ... perhaps i don''t understand well, i try !!!

>> The problem is that the file generated doesn''t corresponds to
my conf
>> files!
>
> That''s bad.
>
>> I add a file :
>> login:
>>     driver = plaintext
>>     public_name = LOGIN
>>     server_prompts = Username:: : Password::
>>     server_condition = ${if pam{$1:${sg{$2}{:}{::}}}   \
>>                             {yes}{no} }
>>     server_set_id = $1
>>
>> plain:
>>     driver = plaintext
>>     public_name = PLAIN
>>     server_prompts = Username:: : Password::
>>     server_condition = ${if pam{$1:${sg{$2}{:}{::}}}   \
>>                             {yes}{no} }
>>     server_set_id = $1
>
> Where did you add it, and what is the name of the file?
>
with an example in a blog, i created a /etc/exim4/conf.d/auth/42-login
it can be read by everybody (for the moment)...

Another thing (I hope it can help you to guess my problem)

When I modify /etc/exim4/conf.d/auth/30_exim4-config_examples and restart
exim4, modifications are not applied in
/var/lib/exim4/config.autogenerated.
I think it''s the main problem! (the date of this file has changed).

lines added:

fixed_login:
        driver = plaintext
        public_name = LOGIN
        server_prompts = "Username:: : Password::"
        server_condition = "${if pam{$1:${sg{$2}{:}{::}}}{1}{0}}"
        server_set_id = $1

fixed_plain:
        driver = plaintext
        public_name = PLAIN
        server_condition = "${if pam{$2:${sg{$3}{:}{::}}}{1}{0}}"
        server_set_id = $1
> Please notice that the login: and plain: authenticator names are
> already taken for the client side authenticators in the default
> configuration.
>
>> It is not cat to the generated file .... so i agree, that there is not
>> authenticators.
>> I miss special debian exim4 documentation!
>>
>> I never saw in docs information about
>> /etc/exim4/exim4.conf.localmacros
>
> documented in /usr/share/doc/exim4-base/README.Debian.gz line 273ff
>
Yes, but it''s very poor for the moment ... some essential informations
are
missing!

For instance, to understand that put the line MAIN_TLS_ENABLE = true is
enough to enable TLS, you have to read scripts!

A newbie (like me) reads the official exim doc, destruct everything and
get unreadable configuration files.

With just a little more information, he will be able to do the same, just
adding a few lines ...

>> /etc/exim4/hubbed_hosts
>
> documented in the configuration file, directly above the router
> definition.
>
>> etc.
>
> documented in http://en.wikipedia.org/wiki/Etc
eh eh eh!!!
>
> Greetings
> Marc
>
> --
>
-----------------------------------------------------------------------------
> Marc Haber         | "I don''t trust Computers. They |
Mailadresse im
> Header
> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621
> 72739834
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 621
> 72739835
>
> _______________________________________________
> Pkg-exim4-users mailing list
> Pkg-exim4-users@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
>

-- 
Mathieu Ruellan
mathieu.ruellan@breizh-biniou.dyndns.org

On Tue, Aug 30, 2005 at 11:13:39AM +0200, mathieu ruellan
wrote:
> with an example in a blog, i created a /etc/exim4/conf.d/auth/42-login
> it can be read by everybody (for the moment)...
Why do you take a random example from a blog while the examples from
the packages have example code to accomplish your goal without
exposing yourself to a security risk?
> Another thing (I hope it can help you to guess my problem)
> 
> When I modify /etc/exim4/conf.d/auth/30_exim4-config_examples and restart
> exim4, modifications are not applied in
> /var/lib/exim4/config.autogenerated.
how do you restart exim4? Do you receive any error messages?
> >> I never saw in docs information about
> >> /etc/exim4/exim4.conf.localmacros
> >
> > documented in /usr/share/doc/exim4-base/README.Debian.gz line 273ff
> >
> Yes, but it''s very poor for the moment ... some essential
informations are
> missing!
Please help us making the docs better. Provide a patch.
> For instance, to understand that put the line MAIN_TLS_ENABLE = true is
> enough to enable TLS, you have to read scripts!
/usr/share/doc/exim4-base/README.Debian.gz, line 104, in the paragraph
titled "How to enable TLS support for exim as server". I''d
hardly call
the README file a script.
> A newbie (like me) reads the official exim doc, destruct everything and
> get unreadable configuration files.
A newbie shouldn''t be running a mail server on the public internet,
and should read the documentation that comes with the package.
README.Debian.gz is _prominently_ mentioned even in the package
description.
> With just a little more information, he will be able to do the same, just
> adding a few lines ...
What kind of lines do you wish to have added to the documentation?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Marc Haber said:
> On Tue, Aug 30, 2005 at 11:13:39AM +0200, mathieu ruellan wrote:
>> with an example in a blog, i created a /etc/exim4/conf.d/auth/42-login
>> it can be read by everybody (for the moment)...
>
> Why do you take a random example from a blog while the examples from
> the packages have example code to accomplish your goal without
> exposing yourself to a security risk?
Because they are not clear for me ... i try several things until it works,
   I hope it will make me understand ;)

And to answer you, y didn''t find examples with pam! Do you know an
alternative? (i wish using system user''s passwords)
>
>> Another thing (I hope it can help you to guess my problem)
>>
>> When I modify /etc/exim4/conf.d/auth/30_exim4-config_examples and
>> restart
>> exim4, modifications are not applied in
>> /var/lib/exim4/config.autogenerated.
>
> how do you restart exim4?
I do "/etc/init.d/exim4 restart" or "/etc/init.d/exim4
reload"
> Do you receive any error messages?
no errors message on the console! nothing in logs (/var/log/exim4/mainlog
and rejectlog)

is default configuration quiet? is there a verbose mode?
>
>> >> I never saw in docs information about
>> >> /etc/exim4/exim4.conf.localmacros
>> >
>> > documented in /usr/share/doc/exim4-base/README.Debian.gz line
273ff
>> >
>> Yes, but it''s very poor for the moment ... some essential
informations
>> are
>> missing!
>
> Please help us making the docs better. Provide a patch.
With pleasure, but before, it''s better to understand and make it
working ;)!
>
>> For instance, to understand that put the line MAIN_TLS_ENABLE = true is
>> enough to enable TLS, you have to read scripts!
>
> /usr/share/doc/exim4-base/README.Debian.gz, line 104, in the paragraph
> titled "How to enable TLS support for exim as server".
I''d hardly call
> the README file a script.
>
>> A newbie (like me) reads the official exim doc, destruct everything and
>> get unreadable configuration files.
>
> A newbie shouldn''t be running a mail server on the public
internet,
> and should read the documentation that comes with the package.
> README.Debian.gz is _prominently_ mentioned even in the package
> description.
>
Everybody has been a newbie a day ... sorry, I''m at the beginning!*
I''m just checking to be not openrelay ...
>> With just a little more information, he will be able to do the same,
>> just
>> adding a few lines ...
>
> What kind of lines do you wish to have added to the documentation?
>
A day, i will know them ;)


Mathieu
> Greetings
> Marc
>
> --
>
-----------------------------------------------------------------------------
> Marc Haber         | "I don''t trust Computers. They |
Mailadresse im
> Header
> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621
> 72739834
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 621
> 72739835
>
> _______________________________________________
> Pkg-exim4-users mailing list
> Pkg-exim4-users@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
>

-- 
Mathieu Ruellan
mathieu.ruellan@breizh-biniou.dyndns.org

Hi,

On Tue, Aug 30, 2005 at 11:44:55AM +0200, mathieu ruellan
wrote:
> Marc Haber said:
> > On Tue, Aug 30, 2005 at 11:13:39AM +0200, mathieu ruellan wrote:
> >> with an example in a blog, i created a
/etc/exim4/conf.d/auth/42-login
> >> it can be read by everybody (for the moment)...
> >
> > Why do you take a random example from a blog while the examples from
> > the packages have example code to accomplish your goal without
> > exposing yourself to a security risk?
> 
> Because they are not clear for me ... i try several things until it works,
>    I hope it will make me understand ;)
> 
> And to answer you, y didn''t find examples with pam! Do you know an
> alternative? (i wish using system user''s passwords)
As mentioned in this thread and in the README file, the recommended
way of using system user''s passwords is to use saslauthd.
/etc/exim4/conf.d/auth/30_exim4-config_examples has examples showing
how to do that.

> >> Another thing (I hope it can help you to guess my problem)
> >>
> >> When I modify /etc/exim4/conf.d/auth/30_exim4-config_examples and
> >> restart
> >> exim4, modifications are not applied in
> >> /var/lib/exim4/config.autogenerated.
> >
> > how do you restart exim4?
> I do "/etc/init.d/exim4 restart" or "/etc/init.d/exim4
reload"
> 
> > Do you receive any error messages?
> no errors message on the console! nothing in logs (/var/log/exim4/mainlog
> and rejectlog)
> 
> is default configuration quiet?
It is quiet until an error is detected. 

Please grep split /etc/exim4/update-exim4.conf.conf
> is there a verbose mode?
as man update-exim4.conf clearly shows, yes.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Shame on me ;)

grep split /etc/exim4/update-exim4.conf.conf
dc_use_split_config=''false''

So ... I''m blink!!!

I set dc_use_split_config=''true'' and i restart exim!

exim4.conf.localmacros doesn''t seem to be used because MACRO I set in
it
are not present in the generated file (exim4.conf.localmacros
MAIN_TLS_ENABLE, MAIN_TLS_ADVERTISE_HOSTS)

I set them in the main option tls file and it works!!!


I will clean now!!!
Where should be put theses MACROS?
Where should i set exim user & group?


Thanks a lot for your patience!!!


Marc Haber said:
> Hi,
>
> On Tue, Aug 30, 2005 at 11:44:55AM +0200, mathieu ruellan wrote:
>> Marc Haber said:
>> > On Tue, Aug 30, 2005 at 11:13:39AM +0200, mathieu ruellan wrote:
>> >> with an example in a blog, i created a
>> /etc/exim4/conf.d/auth/42-login
>> >> it can be read by everybody (for the moment)...
>> >
>> > Why do you take a random example from a blog while the examples
from
>> > the packages have example code to accomplish your goal without
>> > exposing yourself to a security risk?
>>
>> Because they are not clear for me ... i try several things until it
>> works,
>>    I hope it will make me understand ;)
>>
>> And to answer you, y didn''t find examples with pam! Do you
know an
>> alternative? (i wish using system user''s passwords)
>
> As mentioned in this thread and in the README file, the recommended
> way of using system user''s passwords is to use saslauthd.
> /etc/exim4/conf.d/auth/30_exim4-config_examples has examples showing
> how to do that.
>
>
>> >> Another thing (I hope it can help you to guess my problem)
>> >>
>> >> When I modify /etc/exim4/conf.d/auth/30_exim4-config_examples
and
>> >> restart
>> >> exim4, modifications are not applied in
>> >> /var/lib/exim4/config.autogenerated.
>> >
>> > how do you restart exim4?
>> I do "/etc/init.d/exim4 restart" or "/etc/init.d/exim4
reload"
>>
>> > Do you receive any error messages?
>> no errors message on the console! nothing in logs
>> (/var/log/exim4/mainlog
>> and rejectlog)
>>
>> is default configuration quiet?
>
> It is quiet until an error is detected.
>
> Please grep split /etc/exim4/update-exim4.conf.conf
>
>> is there a verbose mode?
>
> as man update-exim4.conf clearly shows, yes.
>
> Greetings
> Marc
>
> --
>
-----------------------------------------------------------------------------
> Marc Haber         | "I don''t trust Computers. They |
Mailadresse im
> Header
> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621
> 72739834
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 621
> 72739835
>
> _______________________________________________
> Pkg-exim4-users mailing list
> Pkg-exim4-users@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
>

-- 
Mathieu Ruellan
mathieu.ruellan@breizh-biniou.dyndns.org

On Tue, Aug 30, 2005 at 02:03:59PM +0200, mathieu ruellan
wrote:
> exim4.conf.localmacros doesn''t seem to be used because MACRO I set
in it
> are not present in the generated file (exim4.conf.localmacros
> MAIN_TLS_ENABLE, MAIN_TLS_ADVERTISE_HOSTS)
>From README.Debian.gz, paragraph starting at line 273:
|For split configuration, you can drop the
|local configuration file anywhere in /etc/exim4/conf.d/main. Just make
|sure it gets read before the macro is first used. 000_localmacros is a
|possible name, guaranteeing first order. For a non-split
|configuration, /etc/exim4/exim4.conf.localmacros gets read before
|/etc/exim4/exim4.conf.template.
> Where should i set exim user & group?
Since exim_user and exim_group are options for main configuration (see
spec.txt.gz line 10242 and 10265), the settings can go anywhere in
/etc/exim4/conf.d/main (since you''re using split config), preferably
in their own dedicated file if you are reluctant in changing the
dpkg-conffiles.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

On Tue, 2005-08-30 at 11:23 +0200, Marc Haber wrote:
> On Tue, Aug 30, 2005 at 11:13:39AM +0200, mathieu ruellan wrote:
....
> > > documented in /usr/share/doc/exim4-base/README.Debian.gz line
273ff
> > >
> > Yes, but it''s very poor for the moment ... some essential
informations are
> > missing!
> 
> Please help us making the docs better. Provide a patch.
I''d like to thank Marc and the other exim4 maintainers for helping
people use the package, and exhibiting such patience.

I had to jump in here because I just sent a note to one of the Quanta
document authors to say I had trouble understanding the docs and thought
some info was missing, and received back a stream of derision (not from
the author, I should add, but maybe from the project lead).  This is all
too typical, and it''s refreshing to see a more mature response.

Ross Boylan

On Aug 30, 2005, at 9:41 PM, Ross Boylan wrote:
> On Tue, 2005-08-30 at 11:23 +0200, Marc Haber wrote:
>> On Tue, Aug 30, 2005 at 11:13:39AM +0200, mathieu ruellan wrote:
> ....
>>>> documented in /usr/share/doc/exim4-base/README.Debian.gz line
273ff
>>>>
>>> Yes, but it''s very poor for the moment ... some essential 
>>> informations are
>>> missing!
>>
>> Please help us making the docs better. Provide a patch.
> I''d like to thank Marc and the other exim4 maintainers for helping
> people use the package, and exhibiting such patience.
>
> I had to jump in here because I just sent a note to one of the Quanta
> document authors to say I had trouble understanding the docs and 
> thought
> some info was missing, and received back a stream of derision (not from
> the author, I should add, but maybe from the project lead).  This is 
> all
> too typical, and it''s refreshing to see a more mature response.
>
It is typical, and somewhat understandable, that developers are 
derisive or short of patience when trying to help users with their 
software. It can be a hindrance in the adoption of software. I have to 
join Ross in complementing this list with knowledgable and patient 
replies. While the documentation is good it is voluminous, but that I 
suppose is to be expected with large, complex software.

Thank you, especially Marc Haber, for your help.

Jeremiah Foster