Re: [Exim] SMTP Auth based on domain names @ non local hosts

Author: Dave C.
Date:  
To: Chris Russell
CC: exim-users
Subject: Re: [Exim] SMTP Auth based on domain names @ non local hosts

Er, that's really the whole point of SMTP AUTH.. To permit authorized
users to relay through your host, from non-local networks.

First off, you need to define local and non local hosts by IP ADDRESS,
not hostname or domain, as the latter are easily forged. (It's not
completely impossible to forge IP addresses, but it is several orders
of magnitude more difficult)

Note that you won't actually be verifying that the sender address is
valid, but you will be able to verify (and log, and insert in the
headers) the user that authenticated. So if a message comes through
from authenticated user 'bob', and it claims to be 'from'
president@???, you at least know who to tell the Secret
Service to talk to when they come knocking at your door.

Here are some of the settings you will want to look at. Do please read
the exim specification for more detailed explanations.

# This avoids a problem with Netscape Clients from thinking they have
# to authenticate, even when they are connecting from a 'local' IP
# address
auth_always_advertise = false

# This says to not require authentication to accept mail from other mail
# servers that is addressed to your local domain
auth_hosts = !*

# This says to permit relaying from any host which has successfully
# authenticated
host_auth_accept_relay = *

# This says what hosts/networks are 'local', to accept relay from
# without authentication
host_accept_relay = " 192.68.0.0/16 : 12.34.56.78/24 : etc"

You may also probably want to add something like

"auth id = $authenticated_id "

to the received_header setting.


You will also need to add some appropriate authenticators to the
appropriate section of your config file. You might want to search the
list archives for something appropriate - what you want is quite
dependent on where the username/passwords you are using are stored,
whether your system uses PAM, etc.

You probably want to support at least the PLAIN and the LOGIN methods
of authentication, to support the most popular clients.


On Thu, 15 Feb 2001, Chris Russell wrote:

>
> Hi All,
>
> I'm sure this is something someone can run off the top of their heads
> but I'm trying to do the following (and due to deadlines placed upon me,
> if someone can pull it off the top of their heads I'd be highly grateful).
>
> I need a rule to state if a message is sent from user x@??? (where x
> is the local domain) from a non-local host (ie: y.com) use SMTP auth
> to verify the sender.
>
> Ideas ?
>
> Chris


--
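
Added example, not part of the original message and not Exim code: a small Python model of the relay decision the settings above describe, plus decoding of the PLAIN and LOGIN responses. The networks, domain, user table and function names are constructed for illustration.

```python
import base64
import hmac
import ipaddress

# Constructed sample values (assumptions, not taken from the message).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # role of host_accept_relay
LOCAL_DOMAINS = {"example.org"}                      # domains delivered locally
USERS = {"bob": "s3cret"}                            # toy credential store


def decode_plain(b64_response):
    """Decode an AUTH PLAIN response: authzid NUL authcid NUL password."""
    parts = base64.b64decode(b64_response).split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed PLAIN response")
    return parts[1].decode(), parts[2].decode()


def decode_login(b64_user, b64_pass):
    """Decode the two base64 replies of an AUTH LOGIN exchange."""
    return base64.b64decode(b64_user).decode(), base64.b64decode(b64_pass).decode()


def authenticate(user, password):
    """Return the authenticated id, or None if the credentials are wrong."""
    expected = USERS.get(user)
    if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
        return user
    return None


def decide(client_ip, authenticated_id, mail_from, rcpt_to):
    """Accept or refuse one recipient. mail_from is deliberately unused:
    the envelope sender is supplied by the client and proves nothing."""
    rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if rcpt_domain in LOCAL_DOMAINS:
        return "accept: local delivery"          # no AUTH needed for inbound mail
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in LOCAL_NETS):
        return "accept: relay from local network"
    if authenticated_id is not None:
        return "accept: relay for authenticated user " + authenticated_id
    return "refuse: relaying not permitted"
```

The decision depends only on the connecting IP address, the authenticated id and the recipient domain, so a local-looking sender address from an outside host gains nothing without AUTH.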