Exim's Authenticators Configuration

I have not covered authenication very mush, because I have no experience with it, so I can only point you to the official web site.

 
begin authenticators

# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we # only allow these mechanisms over encrypted connections by default. # You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted # clear text password authentication on all connections. cram_md5: driver = cram_md5 public_name = CRAM-MD5 client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} plain: driver = plaintext public_name = PLAIN .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS client_send = "${if !eq{$tls_cipher}{}{\ ^${extract{1}{::}\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\ ^${extract{2}{::}\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\ }fail}" .else client_send = "^${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
^${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}" .endif login: driver = plaintext public_name = LOGIN .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS # Return empty string if not non-TLS AND looking up $host in passwd-file # yields a non-empty string; fail otherwise. client_send = "${if and{\ {!eq{$tls_cipher}{}}\ {!eq\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}\ {$value}fail}}\ {}}\ }\ {}fail}\ : ${extract{1}{::}\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \ : ${extract{2}{::}\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}" .else # Return empty string if looking up $host in passwd-file yields a # non-empty string; fail otherwise. client_send = "${if !eq\ {${lookup\ {$host}lsearch*{CONFDIR/passwd.client}\ {$value}fail}}\ {}\ {}fail}\ : ${extract{1}{::}\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \ : ${extract{2}{::}\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}" .endif ##################################################### ### end auth/30_exim-config_examples #####################################################

Authenticator Definition

 

begin Authenticators

Standard Authentictors

I have not talked much about authentication because I have not not used it very much, so I have listed the standard setup and point you to the official web site for more information.

 
# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
# only allow these mechanisms over encrypted connections by default.
# You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted
# clear text password authentication on all connections.

cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
  client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}

plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "${if !eq{$tls_cipher}{}{\
                     ^${extract{1}{::}\
                       {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
                     ^${extract{2}{::}\
                       {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
                   }fail}"
.else
  client_send = "^${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\       
       ^${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}" .endif login: driver = plaintext public_name = LOGIN .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS # Return empty string if not non-TLS AND looking up $host in passwd-file # yields a non-empty string; fail otherwise. client_send = "${if and{\ {!eq{$tls_cipher}{}}\ {!eq\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}\ {$value}fail}}\ {}}\ }\ {}fail}\ : ${extract{1}{::}\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \ : ${extract{2}{::}\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}" .else # Return empty string if looking up $host in passwd-file yields a # non-empty string; fail otherwise. client_send = "${if !eq\ {${lookup\ {$host}lsearch*{CONFDIR/passwd.client}\ {$value}fail}}\ {}\ {}fail}\ : ${extract{1}{::}\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \ : ${extract{2}{::}\ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}" .endif