Re: [Exim] [soleil]Restricting Access on a transport/directo…

Góra strony
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
Dla: Odhiambo Washington
CC: Exim Users
Temat: Re: [Exim] [soleil]Restricting Access on a transport/director
On Fri, 13 Jul 2001, Odhiambo Washington wrote:

> I run a Fax Server incorporating HylaFAX and Exim and the process involves a single transport and
> director. I would like to limit access to this service via any of those two, if that could be possible.
> I could have authentication, say, against a username:passwd combination in a file in a user's $HOME.
> I don't intend to have AUTH in the whole server, only for the fax service. Is there a HOWTO for this
> somewhere I can access?? Restriction can also be achieved via HylaFAX itself but someone can fake an
> e-mail address and circumvent that, so I don't really like it.


You cannot use SMTP AUTH for a message's destination, because AUTH is
used to authenticate an incoming SMTP connection *before* any messages
are transmitted. So you don't know where the message is going.
Therefore, you cannot specify "must authenticate if destination is
HylaFAX".

However, you can arrange for the routing to the HylaFAX to work only if
the message arrived authenticated. When a message is received over an
authenticated connection, Exim knows this, and sets some variables, in
particular $sender_host_authenticated.

So, if you put something like

condition = ${if eq{$sender_host_authenticated}{}{no}{yes}}

on the relevant director or router, it would be skipped for messages
that arrived over unauthenticated channels. You could then have a
following router that routed to an autoreply transport to send a bounce
message for non-authenticated cases.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.