> I'm aware of the sender_net_accept_relay option to allow relays from some
> addresses but since the ISP's all use DHCP or some other dynamic addressing
> scheme, I can't be sure that xx.xx.xx.4 will always be "trusted user", so I
> have to allow the entire xx.xx.xx.0/24 range in. That's not really what I
> want.
You probably want "POP before SMTP". A user connects to your POP port
(and authenticates with a username and password) to receive their incoming
mail. Your POP server makes a note of the IP address, the time, and the
fact that it was a valid user. (Your POP server probably does this
already, using syslog.) Something between you POP server and your SMTP
server keeps track of which IP addresses have recently been verified to
belong to valid users, and deletes addresses from that list after a
suitable time period. (Programs that do this by continuously tailing your
syslog are available.) When the same user connects to your SMPT server
(within a few minutes after authenticating to your POP server), your SMTP
server allows them to relay outgoing messages. (I don't know how to make
exim do the last part. sender_net_accept_relay="lsearch;/some/file"
doesn't seem to work.)
--apb (Alan Barrett)
--
*** Exim information can be found at
http://www.exim.org/ ***