[Exim] complex Auth

Author: Leonardo Boselli
Date:  
To: exim-users
Old-Topics: [Exim] Refuse relay in 2.05?
Subject: [Exim] complex Auth
I have two groups of users:
Group S and Group U (btw the group is determined by the first
letter of the username: group S has a-u as first letter, group U has v-z
or a figure as the first character of the username).
I have four groups of machines:
group i, machines usually used by group S users only;
group j, machines usually used by group U users only;
group a, machines being part of "trusted" domains;
group e, the rest of the world.
Currently relay is accepted from group i and j machines only, not
caring who the sender is, while for group e only a few users can
use AUTH and send mail through the machine.
I wish to add the following capabilities:
0) The machine must accept e-mail for the local domain or domains
for which it is allowed to relay (BTW: is it possible to use a wildcard for
that ... so accept relay for *.dicea.unifi.it including dicea.unifi.it
where here.dicea.unifi.it is the local domain? or do I have to list all the
hosts for which the machine is allowed to relay?)
1) Anyone sending from a machine in group i can send where he
wants, without any check of sender (and this is done)
2) Sending from a machine in group j is allowed provided the return
address is valid (btw: that the users use as domain one of the domains
that are in the list of domains that are local or that the machine is
allowed to relay for, as in 0)
3) Sending from a machine in group a is allowed [unauthenticated]
only if the sender is in a list of users
4) Sending from a machine in group e is allowed only if
authenticated and according to the following rules:
a) if the user is in group S (that is: the username passed in the
authentication is in group S) then any message is accepted
(of course this is valid also for users in group S wanting to send
mail from a machine in group j using a different address)
b) if the user is in group U then the return address MUST be the
same used for authentication

Is it possible, or do I have to set up more copies of exim for the different
groups of users?
(easier configuration, but I have to teach the users to use different
ports according to the area where they are)

Leonardo Boselli
nucleo informatico e telematico
Dipartimento Ingegneria Civile
Universita` di Firenze
V. S. Marta 3 - I-50139 Firenze
tel +39()0554796431 fax +39()055495333
http://www.dicea.unifi.it/~leo
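
The relay policy described in the message above, written as a small decision function that a mail server configuration can be checked against. This is an added example, not part of the original post and not Exim configuration. Assumptions: the networks and the trusted-sender list are constructed placeholders, the authentication identity is a full address, and rules 0-4 are alternatives (any one match accepts).

```python
import ipaddress

# Constructed sample values: the networks and the trusted sender are placeholders.
HOST_GROUPS = {
    "i": ipaddress.ip_network("192.0.2.0/26"),
    "j": ipaddress.ip_network("192.0.2.64/26"),
    "a": ipaddress.ip_network("198.51.100.0/24"),
}
TRUSTED_SENDERS = {"someone@example.org"}   # rule 3 list (constructed)
RELAY_SUFFIX = "dicea.unifi.it"             # domain named in the post

def host_group(ip):
    """Return 'i', 'j' or 'a' for a listed network, else 'e' (rest of the world)."""
    addr = ipaddress.ip_address(ip)
    return next((g for g, net in HOST_GROUPS.items() if addr in net), "e")

def user_group(username):
    """First character a-u -> 'S'; v-z or a digit -> 'U'; anything else -> None."""
    first = username[:1].lower()
    if "a" <= first <= "u":
        return "S"
    if "v" <= first <= "z" or (first.isascii() and first.isdigit()):
        return "U"
    return None

def handled_domain(address):
    """Rule 0: dicea.unifi.it itself or any subdomain, never a look-alike suffix."""
    domain = address.rpartition("@")[2].lower().rstrip(".")
    return domain == RELAY_SUFFIX or domain.endswith("." + RELAY_SUFFIX)

def accept(client_ip, sender, recipient, auth_id=None):
    """True if any one of rules 0-4 lets this recipient through."""
    group = host_group(client_ip)
    if handled_domain(recipient):                              # rule 0
        return True
    if group == "i":                                           # rule 1
        return True
    if group == "j" and handled_domain(sender):                # rule 2
        return True
    if group == "a" and sender.lower() in TRUSTED_SENDERS:     # rule 3
        return True
    if auth_id is not None:                                    # rule 4
        ugroup = user_group(auth_id)
        if ugroup == "S":                                      # 4a
            return True
        if ugroup == "U":                                      # 4b
            return sender.lower() == auth_id.lower()
    return False
```
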