UPDATE: There is now an Official Exim FAQ Entry for this, You should use this for best results as the method below does not work on all versions of authdaemon. If you were having issues with Debian and the solution below, look at the comments section for an update from Debian.
I have been meaning to get SMTP AUTH going on my server for a while, there are a few samples I saw that was looking very nasty for getting authdaemon and exim to talk to each other. Eventually Leon got one of my machines to work in a way that I quite liked, this is my current setup in exim 4. All it requires is that the user that exim runs as can read and write to the courier authdaemon socket.
# Unix clients
plain:
driver = plaintext
public_name = PLAIN
server_condition = \
${if eq {${readsocket{/usr/local/var/authdaemon/socket}\
{AUTH ${strlen:exim\nlogin\n$2\n$3\n}\nexim\nlogin\n$2\n$3\n}}}{FAIL\n} {no}{yes}}
server_set_id = $2
# Windows clients
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if eq {${readsocket{/usr/local/var/authdaemon/socket} \
{AUTH ${strlen:exim\nlogin\n$1\n$2\n}\nexim\nlogin\n$1\n$2\n}}}{FAIL\n} {no}{yes}}
server_set_id = $1
Very nice and simple, now I can SMTP auth against my SQL and PAM based auth that is in use on my machines. Works well with Outlook and Evolution.
Just tried it with Exim4 and Courier from Debian Sarge, and Exim delivers mail even when the wrong password is given. The username has to be correct, though.
Yeah I’ve had other Debian users also complain about exactly the same, it’s something debian specific though because I’ve not been able to reproduce this anywhere.
Pardon me if I come across as a clueless noob, but I am struggling to get smtp auth running on my box (exim4). What exactly did you do with the above code?
There is an authentication section in the config file, this is probably more advanced than just auth since it requires a working courier section as well.
More details on SMTP Auth with exim in general can be found at http://www.exim.org/exim-html-4.50/doc/html/spec_33.html
It’s me again!
It seems that my problem with the auth disappeared when using virtual users (kasperl@example.com worked only with right password, but you could send as system user with any password). But finally I found
http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0730
and now it works, even on Debian. My setup now: Exim4, MySQL, Courier-Authdaemon+IMAPd+POP3d
I am member of the Debian exim4 maintainer team. It took three months for this issue to be reported to us as Debian bug #336979, http://bugs.debian.org/336979.
I confirm this bug for the Debian packages in sarge and sid/etch up to version 4.54-1. It will be fixed in the next upload. I cannot, however, see why this is a Debian specific issue since we took the authenticators listed above verbatim. So this _should_ be reproducible on other distributions as well.
We have fixed the issues by taking the (more elegant) authenticator code from the exim wiki, http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0730
Thanks to Peter Thomassen for pointing this out to us.
The above example should not be used. It rely the successful authentication upon the ABSENCE of the string FAIL, from the authdaemon answer. It is bettere to rely to the PRESENCE of something. Here a deep insight of the problem that arised with a buggy courier authdaemon version:
http://www.rigacci.org/wiki/doku.php/doc/appunti/linux/sa/authdaemon_problem