Two-step validation for exim4 email

servtelecom · September 13, 2023, 7:33am

Could it be possible that to enter webmail or to configure an account on a device or PC, a 2FA validation could be created? similar to what gmail or microsoft already do? I would gain a lot in security.

culibine · September 13, 2023, 8:11am

No, exim4 does not support 2FA. On webmail, you can setup webmails plugins. For example roundcube:

Not tested.

servtelecom · September 13, 2023, 8:44am

Thank’s

servtelecom · September 13, 2023, 8:53am

I always have the same problem with roundcube plugins… in what exact path should I put it? If I put it in /etc/rouncube/pluguins and then add the following in /etc/roundcube/config.inc.php;

$config[‘plugins’] = array(‘twofactor_gauthenticator’);

It doesn’t work, roundcube doesn’t show the option to activate that plugin…

sahsanu · September 13, 2023, 11:42am

Hello @servtelecom,

Steps to install twofactor_gauthenticator rc plugin in Hestia CP:

cd /var/lib/roundcube/plugins/
git clone https://github.com/alexandregz/twofactor_gauthenticator.git
cd twofactor_gauthenticator/
cp config.inc.php.dist config.inc.php
mkdir /etc/roundcube/plugins/twofactor_gauthenticator/
cd /etc/roundcube/plugins/twofactor_gauthenticator/
ln -s /var/lib/roundcube/plugins/twofactor_gauthenticator/config.inc.php config.inc.php
chown -R root:www-data /etc/roundcube/plugins/twofactor_gauthenticator/
chown -R root:www-data /var/lib/roundcube/plugins/twofactor_gauthenticator/

Now edit /etc/roundcube/config.inc.php file to add twofactor_gauthenticator to config_plugins directive.

Example:

$config["plugins"] = ["password", "newmail_notifier", "zipdownload", "archive", "managesieve", "contextmenu", "markasjunk", "twofactor_gauthenticator"];

Now edit file /etc/roundcube/plugins/twofactor_gauthenticator/config.inc.php to configure the preferences for the plugin (don’t forget to edit users_allowed_2FA in this config file to enable the plugin for your user or domain).

Cheers,
sahsanu

aaviegas · February 26, 2025, 3:50pm

European GDPR security policies now require the implementation of a 2-factor authentication system in all systems that may contain personal data. I tried through the post above to implement 2FA but without success. The 2FA option does not appear in roundcube. Does anyone have a suggestion for implementing this system at user level in roundcube and SMTP authentication?

eris · February 26, 2025, 7:08pm

Exim doesn’t support 2FA…

Imap / Pop3 doesn’t either

So only in Roundcube it is possible but then still it doesn’t matter as imap can be used…

Also GPDR doesn’t require 2fa…