Re: [Exim] Authentification or not

Author: Dave C.
Date:  
To: Mueller, Michael
CC: 'Exim ML'
Subject: Re: [Exim] Authentification or not

On Mon, 22 May 2000, Mueller, Michael wrote:

> Hello,
>
> I'm new in using exim.
>
> I have installed v3.12 on a Debian potato with Linux 2.2.14.
>
> I have a running configuration with authentication by searching in
> the /etc/shadow for user and encrypted password.
>
> But I have some users that shall use exim for relaying and their
> software isn't able to authenticate. As a replacement for auth. I
> want to check their IP numbers AND the domain of their sender
> address. The IP number will be a range because they use an ISP.
>
> Today I read the documentation and made some tests on a local
> machine.
> But it doesn't work! :-(
> So I created with eximconfig a new exim.conf without auth. so
> I was able to test some parameters.
>
> Here are some questions after doing that:
>
> The local machine which should simulate the login over an ISP
> has the address 194.221.67.85. I use Netscape Communicator
> for testing.
>
> When I set this address to
> host_accept_relay = localhost : 194.221.67.85
> I can send an e-mail. But
> host_accept_relay = localhost : 194.221.67.0/255


What is /255? There are still only 32 bits in IP addresses for now..

My guess is that you meant /24, hopefully you understand why /24 is
what you meant and not /255, if you don't, search for 'CIDR' on the web
and read up..

> doesn't work? What is wrong?
>
> Why checks
> relay_domains = ...
> the recipient address too? I thought that this parameter says FROM
> which domain I am able to send and not TO which domain?


No, relay_domains specifies for what domains you will receive mail
_FOR_, not from what domains you will receive mail.

>
> And
> sender_address_relay = *@sector.de
> ? Is that correct after activating
> sender_verify = true
> ?


sender_address_relay sets up to permit relay by sender-domain, which
sounds like what you want..

sender_verify is unrelated - it verifies that the sender address is
valid.

> But my biggest problem is that the changes made in the configuration
> without auth. don't work in the config with auth. until I deactivate the
> auth. driver! :-(


Exim offers auth when you have it so enabled. Unfortunately, if Netscape
sees auth offered, it assumes it is required, and it MUST auth..

> Can you give me some hints to realize the "authentication" by IP address
> and sender domain for those users that are not able to authenticate beside
> the real auth.?


You could of course use a not-very-secure, but better than nothing
approach, of running another exim on another TCP port, and permitting
relay from that ISP network through that, and then tell your users that
port number in confidence.. This is not high security, but it will keep
out the random spammers that don't know anything about which port you
are using.. (And if they find out, you can always change it, and be
more careful about giving it out)

>
> Best regards
>
> Michael M"uller
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>


--
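
The /255 versus /24 point from the reply, as an added example that is not part of the original message and is not Exim's own parser: a simplified checker (the function name `check_relay_hosts` is hypothetical) that validates each colon-separated item of a `host_accept_relay`-style line and reports whether the test client 194.221.67.85 falls inside it. Host names are assumed to be left unresolved so the check runs offline.

```python
import ipaddress

def check_relay_hosts(setting, client):
    """Check each colon-separated item of a host_accept_relay-style line.

    Returns a list of (item, status, matches_client) tuples.
    Simplified model for illustration; it is not Exim's own parser.
    """
    _, _, value = setting.partition("=")
    client_ip = ipaddress.IPv4Address(client)
    results = []
    for item in (part.strip() for part in value.split(":")):
        if not item:
            continue
        if not item[0].isdigit():
            # Host names are left unresolved so the example runs offline.
            results.append((item, "hostname (not resolved)", None))
            continue
        _, _, bits = item.partition("/")
        if bits.isdigit() and int(bits) > 32:
            # An IPv4 address has 32 bits, so the prefix length is 0-32.
            results.append((item, "invalid mask: prefix length must be 0-32", False))
            continue
        try:
            net = ipaddress.IPv4Network(item, strict=True)
        except ValueError as exc:
            # Malformed address, or host bits set below the mask.
            results.append((item, f"invalid network: {exc}", False))
            continue
        status = f"ok: {net.num_addresses} addresses, {net[0]} - {net[-1]}"
        results.append((item, status, client_ip in net))
    return results

if __name__ == "__main__":
    # Settings taken from the thread, plus the /24 form the reply suggests.
    for line in (
        "host_accept_relay = localhost : 194.221.67.85",
        "host_accept_relay = localhost : 194.221.67.0/255",
        "host_accept_relay = localhost : 194.221.67.0/24",
    ):
        print(line)
        for item, status, matches in check_relay_hosts(line, "194.221.67.85"):
            print(f"  {item:<20} {status}  client matches: {matches}")
```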