Bug#305443: Re: Bug#305443: Re: Bug#305443: smtp-auth documentation is incomplete
tags #305443 confirmed pending thanks On Mon, May 02, 2005 at 11:44:11AM +1000, Drew Parsons wrote: > OK, that should be fine :) Tagging the bug appropriately. The fixes are in svn. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305443: Re: Bug#305443: smtp-auth documentation is incomplete
On Sun, 2005-05-01 at 19:36 +0200, Marc Haber wrote: > I am not a friend of holding a user's hands through the entire > configuration process, making reference to the documentation > completely unnecessary. I have, however, added an example: > > --- debian/README.Debian(revision 1132) > +++ debian/README.Debian(working copy) > @@ -161,9 +161,15 @@ > sure it gets read before the macro is first used. 000_localmacros is a > possible name, guaranteeing first order. For a non-split > configuration, /etc/exim4/exim4.conf.localmacros gets read before > -/etc/exim4/exim4.conf.template. See the exim specification, chapter > -6.4, for details how macro expansion works. > +/etc/exim4/exim4.conf.template. To actually set the macro > +EXIM4_EXAMPLE to the value "this is a sample", write the following line > > +EXIM4_EXAMPLE = this is a sample > + > +into the appropriate file. For more detailed discussion of the general > +macro mechanism, see the exim specification, chapter 6.4, for details > +how macro expansion works. > + > Is that ok with you? > OK, that should be fine :) Thanks for helping with it. Drew -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305443: Re: Bug#305443: smtp-auth documentation is incomplete
Hi, On Mon, May 02, 2005 at 03:16:23AM +1000, Drew Parsons wrote: > My only final suggestion is to include a trival example in README.Debian > (or commented out in /etc/exim4/conf.d/main/000_localmacros if you want > to create the sample file): > > e.g. to switch on a basic on/off definition, use > MY_MACRO_DEFINITION=1 I am not a friend of holding a user's hands through the entire configuration process, making reference to the documentation completely unnecessary. I have, however, added an example: --- debian/README.Debian(revision 1132) +++ debian/README.Debian(working copy) @@ -161,9 +161,15 @@ sure it gets read before the macro is first used. 000_localmacros is a possible name, guaranteeing first order. For a non-split configuration, /etc/exim4/exim4.conf.localmacros gets read before -/etc/exim4/exim4.conf.template. See the exim specification, chapter -6.4, for details how macro expansion works. +/etc/exim4/exim4.conf.template. To actually set the macro +EXIM4_EXAMPLE to the value "this is a sample", write the following line +EXIM4_EXAMPLE = this is a sample + +into the appropriate file. For more detailed discussion of the general +macro mechanism, see the exim specification, chapter 6.4, for details +how macro expansion works. + What about debconf? -- Debconf just "manages" the file /etc/exim4/update-exim4.conf.conf. This is Is that ok with you? Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305443: Re: Bug#305443: smtp-auth documentation is incomplete
On Sun, 2005-05-01 at 18:18 +0200, Marc Haber wrote: > I see. I always forget that there is client authentication as well. > That feature is never used by me. > Ah, that explains the confusion. > I have added ... > # You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted > # clear text password authentication on all connections. > > to client side authentication. > > To allow setting of macros, nonsplit config will now read > /etc/exim4/exim4.conf.localmacros before > /etc/exim4/exim4.conf.template, and README.Debian now has the two > paragraphs: > > +Our configuration can be controlled in a limited way by setting > +macros. That way, you can switch on and off certain parts of the > +default configuration without having to touch the dpkg-conffiles. > +While touching dpkg-conffiles itself is explitly allowed and wanted, > +it can be quite a nuisance to be asked on package upgrade whether one > +wants to use the locally changed file or the file changed by the > +package maintainer. > + > +Whenever you see an .ifdef or .ifndef clause in the configuration > +file, you can control the appropriate clause by setting the macro in a > +local configuration file. For split configuration, you can drop the > +local configuration file anywhere in /etc/exim4/conf.d/main. Just make > +sure it gets read before the macro is first used. 000_localmacros is a > +possible name, guaranteeing first order. For a non-split > +configuration, /etc/exim4/exim4.conf.localmacros gets read before > +/etc/exim4/exim4.conf.template. See the exim specification, chapter > +6.4, for details how macro expansion works. > Yes, this looks good now. > Macros can unfortunately only be _set_ in the main part of exim > configuration. > > Is are the changes I did sufficient in your opinion? > Yes, that should cover it I think. My only final suggestion is to include a trival example in README.Debian (or commented out in /etc/exim4/conf.d/main/000_localmacros if you want to create the sample file): e.g. to switch on a basic on/off definition, use MY_MACRO_DEFINITION=1 You've referred to Sect. 6.4 in the full docs, of course, but adding this little bit of redundant example makes it that much easier to understand what needs to be done, I think. Especially when it's only one of these simple macros (like AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS in my case) which is needed. The full docs can be read if the user should need to set one of the complex macros. Thanks, Drew -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305443: Re: Bug#305443: smtp-auth documentation is incomplete
Hi, On Sun, May 01, 2005 at 10:38:43PM +1000, Drew Parsons wrote: > The problematic phrase is "setting the appropriate macro as mentioned > in the comments in the configuration file". That is to say, this phrase > is clear on its own, it tells me that I will find further instructions > in /etc/exim4/conf.d/auth/30_exim4-config_examples. > > The problem is when I look for these instructions inside > 30_exim4-config_examples. I can't find them. I see. I always forget that there is client authentication as well. That feature is never used by me. I have added # You can set # AUTH_SERVER_ALLOW_NOTLS_PASSWORDS to advertise unencrypted clear text # password based authenticators on all connections. to the comments for server side authentication, and # You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted # clear text password authentication on all connections. to client side authentication. To allow setting of macros, nonsplit config will now read /etc/exim4/exim4.conf.localmacros before /etc/exim4/exim4.conf.template, and README.Debian now has the two paragraphs: +Our configuration can be controlled in a limited way by setting +macros. That way, you can switch on and off certain parts of the +default configuration without having to touch the dpkg-conffiles. +While touching dpkg-conffiles itself is explitly allowed and wanted, +it can be quite a nuisance to be asked on package upgrade whether one +wants to use the locally changed file or the file changed by the +package maintainer. + +Whenever you see an .ifdef or .ifndef clause in the configuration +file, you can control the appropriate clause by setting the macro in a +local configuration file. For split configuration, you can drop the +local configuration file anywhere in /etc/exim4/conf.d/main. Just make +sure it gets read before the macro is first used. 000_localmacros is a +possible name, guaranteeing first order. For a non-split +configuration, /etc/exim4/exim4.conf.localmacros gets read before +/etc/exim4/exim4.conf.template. See the exim specification, chapter +6.4, for details how macro expansion works. > Note also the circular references: README.SMTP-AUTH says read the > comments in 30_exim4-config_examples, while 30_exim4-config_examples > says read README.SMTP-AUTH for more help. That is ok, because the README gives more general information, while the special information is inside the actual config file. > 1) Keep the reference in README.SMTP-AUTH to the comments in > 30_exim4-config_examples, and add those comments. Done. > Or maybe you could place the definition right there in > 30_exim4-config_examples, and the instruction will say "...telling them > to fix their email server, and then uncomment the following line" Macros can unfortunately only be _set_ in the main part of exim configuration. > I will go now and send an email to my ISP telling them to fix their > email server. *g* Is are the changes I did sufficient in your opinion? Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305443: Re: Bug#305443: smtp-auth documentation is incomplete
On Sun, 2005-05-01 at 12:47 +0200, Marc Haber wrote: > Can you check the current version of the file, > http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/README.SMTP-AUTH?op=file&rev=0&sc=0, > and say whether the docs are ok now. If not, please say what should be > changed. > Thanks for looking over it further. As far as I can tell, the file in svn for README.SMTP-AUTH is the same as already in sid. The text I'm referring to reads: - If you need to enable them for unencrypted connections because your service provider does support neither TLS encryption nor the CRAM MD5 authentication method, you can do so by setting the appropriate macro as mentioned in the comments in the configuration file [3]. ... [3] If you are using split configuration (dc_use_split_config='true' in /etc/exim4/update-exim4.conf.conf), the file to edit is /etc/exim4/conf.d/auth/30_exim4-config_examples. If you are not using split configuration, your file is /etc/exim4/exim4.conf.template. - The problematic phrase is "setting the appropriate macro as mentioned in the comments in the configuration file". That is to say, this phrase is clear on its own, it tells me that I will find further instructions in /etc/exim4/conf.d/auth/30_exim4-config_examples. The problem is when I look for these instructions inside 30_exim4-config_examples. I can't find them. I can't see where your latest svn version of 30_exim4-config_examples is located, the one at http://svn.debian.org/wsvn/pkg-exim4/exim4-config-medium/trunk/exim4-config-medium/debian/config/conf.d/conf.d/auth/30_exim4-config-medium_examples?op=file&rev=0&sc=0, When I read /etc/exim4/conf.d/auth/30_exim4-config_examples (4.50-6), I see these instructions: # ## # See /usr/share/doc/exim4-base/README.SMTP-AUTH ## # These examples below are the equivalent for client side authentication. # They get the passwords from CONFDIR/passwd.client. This file should have # three columns separated by colons, the first contains the name of the # mailserver to authenticate against, the second the username and the third # contains the password. ### # example for CONFDIR/passwd.client ### mail.server:blah:secret ### # default entry: ### *:bar:foo # Because AUTH PLAIN and AUTH LOGIN send the password in clear, we # only allow these mechanisms over encrypted connections by default. And that's the only instructions given in 30_exim4-config_examples, with respect to client-side authentication. README.SMTP-AUTH talks about "the appropriate macro as mentioned in the comments in the configuration file", but the config file (30_exim4-config_examples) does not mention any macro in its comments. Note also the circular references: README.SMTP-AUTH says read the comments in 30_exim4-config_examples, while 30_exim4-config_examples says read README.SMTP-AUTH for more help. I think there are two alternative ways to fix this (making clear what macro needs to be set and removing the circular reference): 1) Keep the reference in README.SMTP-AUTH to the comments in 30_exim4-config_examples, and add those comments. Something like: # Because AUTH PLAIN and AUTH LOGIN send the password in clear, we # only allow these mechanisms over encrypted connections by default. # # If your ISP does not support encrypted connections, send them an # email telling them to fix their email server, and then add the following definition: # AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS=1 # to Or maybe you could place the definition right there in 30_exim4-config_examples, and the instruction will say "...telling them to fix their email server, and then uncomment the following line" This would be similar to the instructions you gave in previous versions, only simpler. 2) Remove the reference to "setting the appropriate macro as mentioned in the comments in the configuration file" from README.SMTP-AUTH, and instead say (in README.SMTP-AUTH) something like "If you need to enable them for unencrypted connections because your service provider does support neither TLS encryption nor the CRAM MD5 authentication method, you can do so by placing AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS=1 in ." I think this documentation issue is in practice quite important, since I think there are a hell of a lot of ISPs that do not support encrypted authentication. It would of course be better if they did support it, but they don't, and we need to be able to deal with this situation with minimum pain. Of the half-dozen ISPs I've dealt with over the last 5 years or so, I don't think a single one of them has supported encrypted authentication. I feel a sense of urgency about since we're about to release sarge, and with exim4 being Debian's default MTA, this question is going to hit a lot of people. Lots of newbies... I can read the code in 30_exim4-config_examples and figure out that AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS needs to
Bug#305443: Re: Bug#305443: smtp-auth documentation is incomplete
On Wed, Apr 20, 2005 at 10:01:50PM +1000, Drew Parsons wrote: > On Wed, 2005-04-20 at 12:10 +0200, Marc Haber wrote: > > > Please add the required comments. > > > > Comments are never required. I'll think about giving more information. > > > > When I say "required", what I'm talking about are the ones referred to > in README.SMTP-AUTH. Can you check the current version of the file, http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/README.SMTP-AUTH?op=file&rev=0&sc=0, and say whether the docs are ok now. If not, please say what should be changed. In the absence of your answer, I'll close this bug on May 31, 2005. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305443: smtp-auth documentation is incomplete
On Wed, 2005-04-20 at 12:10 +0200, Marc Haber wrote: > > Please add the required comments. > > Comments are never required. I'll think about giving more information. > When I say "required", what I'm talking about are the ones referred to in README.SMTP-AUTH. Thanks for considering the issue. Drew -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305443: smtp-auth documentation is incomplete
severity #305443 minor thanks On Wed, Apr 20, 2005 at 12:29:52PM +1000, Drew Parsons wrote: > Severity: important NACK, this is a documentation issue. > Does it need to be set in 30_exim4-config_examples or in > /etc/exim4/passwd.client? How is it set? I am not going to duplicate the entire exim specification in the configuration file comments. > Please add the required comments. Comments are never required. I'll think about giving more information. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#305443: smtp-auth documentation is incomplete
Package: exim4-config Version: 4.50-6 Severity: important You've changed the way /etc/exim4/conf.d/auth/30_exim4-config_examples handles the case of unencrypted client-side authentication. README.SMTP-AUTH says unencrypted passwords can be enabled "by setting the appropriate macro as mentioned in the comments in the configuration file" (30_exim4-config_examples). I can see the macro in 30_exim4-config_examples, it's called AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS, right? But no where does 30_exim4-config_examples explain how to set it. Does it need to be set in 30_exim4-config_examples or in /etc/exim4/passwd.client? How is it set? README.SMTP-AUTH says this will be explained in the comments, but it isn't. Please add the required comments. Thanks, Drew. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (990, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11 Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Versions of packages exim4-config depends on: ii adduser 3.63 Add and remove users and groups ii debconf [debconf-2.0] 1.4.48 Debian configuration management sy ii passwd 1:4.0.3-31sarge2 change and administer password and -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
