Exim's Authenticators Configuration

I have not covered authenication very mush, because I have no experience with it, so I can only point you to the official web site.

  
begin authenticators

# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
# only allow these mechanisms over encrypted connections by default.
# You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted
# clear text password authentication on all connections.

cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
  client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}

plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "${if !eq{$tls_cipher}{}{\
                     ^${extract{1}{::}\
                       {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
                     ^${extract{2}{::}\
                       {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
                   }fail}"
.else
  client_send = "^${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
       ^${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.endif

login:
  driver = plaintext
  public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  # Return empty string if not non-TLS AND looking up $host in passwd-file
  # yields a non-empty string; fail otherwise.
  client_send = "${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq\
                              {${lookup{$host}lsearch*{CONFDIR/passwd.client}\
                                 {$value}fail}}\
                              {}}\
                         }\
                      {}fail}\
                 : ${extract{1}{::}\
                        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
                 : ${extract{2}{::}\
                     {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.else
  # Return empty string if looking up $host in passwd-file yields a
  # non-empty string; fail otherwise.
  client_send = "${if !eq\
                          {${lookup\
                            {$host}lsearch*{CONFDIR/passwd.client}\
                            {$value}fail}}\
                          {}\
                      {}fail}\
                 : ${extract{1}{::}\
                        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
                 : ${extract{2}{::}\
                        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.endif
#####################################################
### end auth/30_exim-config_examples
#####################################################

Authenticator Definition

 

begin Authenticators

Standard Authentictors

I have not talked much about authentication because I have not not used it very much, so I have listed the standard setup and point you to the official web site for more information.

  
# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
# only allow these mechanisms over encrypted connections by default.
# You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted
# clear text password authentication on all connections.

cram_md5:
  driver = cram_md5
  public_name = CRAM-MD5
  client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
  client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}

plain:
  driver = plaintext
  public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  client_send = "${if !eq{$tls_cipher}{}{\
                     ^${extract{1}{::}\
                       {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
                     ^${extract{2}{::}\
                       {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
                   }fail}"
.else
  client_send = "^${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\       
       ^${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.endif

login:
  driver = plaintext
  public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
  # Return empty string if not non-TLS AND looking up $host in passwd-file
  # yields a non-empty string; fail otherwise.
  client_send = "${if and{\
                          {!eq{$tls_cipher}{}}\
                          {!eq\
                              {${lookup{$host}lsearch*{CONFDIR/passwd.client}\
                                 {$value}fail}}\
                              {}}\
                         }\
                      {}fail}\
                 : ${extract{1}{::}\
                        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
                 : ${extract{2}{::}\
                     {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.else
  # Return empty string if looking up $host in passwd-file yields a
  # non-empty string; fail otherwise.
  client_send = "${if !eq\
                          {${lookup\
                            {$host}lsearch*{CONFDIR/passwd.client}\
                            {$value}fail}}\
                          {}\
                      {}fail}\
                 : ${extract{1}{::}\
                        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
                 : ${extract{2}{::}\
                        {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
.endif