Clone this wiki locally
One of the options Exim has for authentication without root access is by using SASLAuthd from the Cyrus suite. However, there is another option: pwauth, which is probably more easy to setup and which can be used by multiple daemons (like Apache AND Exim). It is recommended you follow the instructions in the AuthenticatedSmtpUsingPam tutorial regarding encryption (TLS) as they won't be discussed here. This is based on a Debian 5.0/Lenny install.
- Exim 4.x
- Current stable version is 2.3.8
Since I run Debian 5.0/Lenny which has a package system, I did not need
to compile Exim. Issueing
apt-get install exim4 as root is enough (and
most Debian users would not have to do that either because Exim4 is the
standard MTA on Debian).
Since I only use plaintext as authenticator driver, I don't think there's much hocus-pocus in compiling Exim. If anyone has instructions on compiling, please edit this page.
Download pwauth, extract the package and cd into the new directory:
wget 'http://unixpapa.com/software/pwauth-2.3.8.tar.gz' tar xzf ./pwauth-2.3.8.tar.gz cd pwauth-2.3.8/
As with any piece of software you compile yourself, you should read the README and the INSTALL file. They contain all the information you'll need to configure pwauth. Next, edit config.h and set it up to reflect your system. The settings I used are the following:
#define SHADOW_SUN #define UNIX_LASTLOG #define HAVE_LASTLOG_H #define NOLOGIN_FILE "/etc/nologin" #define MIN_NOLOGIN_UID 1 #define CHECK_LOGIN_EXPIRATION #define CHECK_PASSWORD_EXPIRATION #define SERVER_UIDS 33,101 #define MIN_UNIX_UID 500 #define SLEEP_LOCK "/var/run/pwauth.lock"
You need to give special attention to the line SERVER_UIDS, as that
can differ for your system. It needs a list of UID (user ids) that can
run pwauth. This list obviously needs to include the user that runs
Debian-exim. On my system, Exim is run as user Debian-exim. To retrieve
the UID for this user, I give the following command:
grep Debian-exim /etc/passwd It gives the following output on my
Debian-exim:x:101:105::/var/spool/exim4:/bin/false The UID is
the number after the second ':' (so the UID is 101).
In case your wondering why I have two UIDs in the line SERVER_UIDS: UID 33 is the user Apache is running under.
When config.h is all set up, we can compile pwauth:
If compilation did not issue errors, we can install pwauth. Note that you need to run the following commands as root.
cp ./pwauth /usr/local/bin/ chown root:staff /usr/local/bin/pwauth chmod 4755 /usr/local/bin/pwauth
Next, we should test to see if pwauth works. As root, type the following commands:
su -s /bin/bash Debian-exim /usr/local/bin/pwauth ; echo $?
Then type the name of a user, hit enter, and type the password of a user. If the password is valid, the last command should display 0. If the password is invalid, the last command should display 1 or 2. For other numbers, refer to the INSTALL file in the pwauth directory.
If you are here, pwauth is set up correctly for Exim!
We need to tell Exim how to use pwauth. This is done using an authenticator. For my Debian system, I edited the file etc/exim4/exim4.conf.template. I added this: