…and you’re a bloody novice like me, you’ll probably stumble upon Marc Merlin’s “Very detailled and featureful configuration example”. If you use that one and you wonder why on earth people can’t authenticate against your local SMTP via PAM, you seek hours and hours in different places, forums, IRC and whatnot, and all you get in /var/log/exim4/mainlog is a couple of these:
2008-09-26 22:35:15 svr_auth_login authenticator failed for <hostname> [<clientip>]:61588 I=[<serverip>]:25: 535 Incorrect authentication data (set_id=<login>)
make sure /etc/shadow is actually readable by Debian-exim, the exim4 user, f.e. by adding him to the shadow group… D’oh!
Don’t ask me how this worked in the original debian configuration (which unfortunately did not work for me in a couple of other places, otherwise I’d have stuck to it) – from what I’ve seen I believe it somehow used the courier installed on the same machine to do the authentification.
Kudos to this page which made me find the problem.