Setting up TLS SMTP Authentication Using Courier Authentication
Since we already have courier-authdaemon running, we may as well use it for authentication. I copied the following from /etc/exim4/conf.d/auth/30_exim4-config_examples into /etc/exim4/conf.d/auth/10_local-courier_authdaemon and uncommented it.
Note: if you already have sasl2 authentication installed, comment it out in 30_exim4-config_examples.
plain_courier_authdaemon:
  driver = plaintext
  public_name = PLAIN
  server_condition = \
    ${if eq {${readsocket{/var/run/courier/authdaemon/socket}\
    {AUTH ${strlen:exim\nlogin\n$2\n$3\n}\nexim\nlogin\n$2\n$3\n}}}{FAIL\n}{no}{yes}}
  server_set_id = $2
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif

login_courier_authdaemon:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  server_condition = ${if eq {${readsocket{/var/run/courier/authdaemon/socket} \
    {AUTH ${strlen:exim\nlogin\n$1\n$2\n}\nexim\nlogin\n$1\n$2\n}}}{FAIL\n}{no}{yes}}
  server_set_id = $1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif
Then we need to give the Exim process access to the socket file. I did this by adding Exim to the daemon group (which may, potentially, have security issues?). The -a flag appends the group instead of replacing the user's existing supplementary groups.
usermod -a -G daemon Debian-exim
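The two server_condition expansions above send a short request to authdaemon and accept every reply except the exact string FAIL\n. The following Python sketch is an added example, not part of the original page or of Exim or Courier: it builds the same request, mirrors the page's check, and shows a stricter check that also rejects an empty or malformed reply. The success-reply layout (KEY=value lines ending in a line with a single dot), the sample replies and all function names are assumptions made for illustration.

```python
import socket

SOCKET_PATH = "/var/run/courier/authdaemon/socket"  # path from the page's config

# Constructed sample replies; the success layout (KEY=value lines, then ".")
# is an assumption about authdaemon's reply format.
SAMPLE_OK = b"USERNAME=alice\nUID=1000\nGID=1000\nHOME=/home/alice\n.\n"
SAMPLE_FAIL = b"FAIL\n"


def build_request(user, password, service="exim"):
    """Return the bytes the page's ${readsocket ...} expansion sends."""
    if "\n" in user or "\n" in password:
        raise ValueError("newline would shift the request fields")
    # Body is service, auth type, user, password, one per line; the header
    # carries the body length, which is what ${strlen:...} computes.
    body = f"{service}\nlogin\n{user}\n{password}\n".encode()
    return b"AUTH %d\n" % len(body) + body


def page_condition(reply):
    """Mirror the page's test: only the exact reply FAIL\\n is rejected."""
    return reply != b"FAIL\n"


def strict_condition(reply):
    """Accept only a well-formed success reply, so empty or odd replies fail."""
    lines = reply.decode(errors="replace").splitlines()
    if len(lines) < 2 or lines[-1] != ".":
        return False
    return all("=" in line for line in lines[:-1])


def query_authdaemon(user, password, path=SOCKET_PATH, timeout=5.0):
    """Send one AUTH request over the Unix socket and return the raw reply."""
    reply = b""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(path)
        sock.sendall(build_request(user, password))
        while not reply.endswith((b"\n.\n", b"FAIL\n")):
            chunk = sock.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply
```

Run query_authdaemon as a user that can reach the socket (for example, a member of the daemon group) to inspect a real reply and compare both checks against it.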
Setting up TLS
Since we don't want to use plaintext authentication over the Internet, we need to have TLS available.
Edit /etc/exim4/conf.d/main/00_local_settings (you may have to create the file) to include the following line, if you haven't already enabled it earlier:
MAIN_TLS_ENABLE = true
Setting up message submission
We need to listen on an alternative port for SMTP-AUTH. Port 587 is the standard port for this service, so we have Exim listen on both port 25 and port 587 by adding the following to /etc/exim4/conf.d/main/00_local_settings:
daemon_smtp_ports = smtp : 587
Now just run "update-exim4.conf" and restart the daemon, and everything should work correctly.
update-exim4.conf;/etc/init.d/exim4 restart
