Commit 1a18c781 authored by Wágner Ferenc's avatar Wágner Ferenc
Browse files

Exim: open the submission port and enable the login_server

A standard STARTTLS + LOGIN authenticated submission service is
useful in mobile situations, so support it as a side project.
parent d5f31262
$ANSIBLE_VAULT;1.1;AES256
61323261373031343438333737313162616231313266666237396533363936613062323966346137
6635386665396138633566613137626265376432393037360a643432643733326133633865366238
37346565633138393766343463373539633439376531323638393264386637346235366161643662
3938363930363361620a383264636538643537326330666434303435373331383866333461613262
63313262623734633636636163303334383061383365383030643264373230356166373661616138
6662636431353364663234356433626564613337303836333464
......@@ -32,6 +32,16 @@
mode: 0644
notify: Reload Exim
- name: Set up SMTP authentication database
become: yes
copy:
src: exim_passwd
dest: /etc/exim4/passwd
owner: root
group: Debian-exim
mode: 0640
when: vault_open is defined
- name: Configure Mailman
become: yes
template:
......
......@@ -5,6 +5,9 @@ MAIN_TLS_PRIVATEKEY = /etc/apache2/{{ apache_certificate_stem }}.key
# Log into the default log files and to syslog (journal)
log_file_path = :syslog
# Submission port for encrypted and authenticated use (see login_server):
daemon_smtp_ports = smtp : submission
# Mailman integration based on http://www.exim.org/howto/mailman21.html
# FIXME go beyond the basic section of the HOWTO
MM_HOME=/var/lib/mailman
......@@ -2058,15 +2061,15 @@ begin authenticators
# password are $auth1 and $auth2. Apart from that you can use the same
# server_condition setting for both authenticators.
# login_server:
# driver = plaintext
# public_name = LOGIN
# server_prompts = "Username:: : Password::"
# server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
# server_set_id = $auth1
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
login_server:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
server_set_id = $auth1
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
.endif
#
# cram_md5_server:
# driver = cram_md5
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment