Re: [Exim] Forcing tls authentication

Author: Christopher Curtis
Date:  
To: Philip Hazel
CC: Exim Users Mailing List
Subject: Re: [Exim] Forcing tls authentication
Apologies for the confusion ... let me try to be more specific:

On Fri, 2 Nov 2001, Philip Hazel wrote:

> You want people running an MUA from a random network to be able to
> relay if they are authenticated, and they must authenticate over TLS.
>
> So far, so good. You can do this by setting
>
>   auth_over_tls_hosts = *           <= must use TLS before AUTH
>   host_auth_accept_relay = *        <= may relay if authenticated


Yes. This is correct and functioning.

> > The problem with forcing authentication is that this forces remote SMTP
> > servers to authenticate,
>
> The word "force" here is confusing. As I said in an earlier message, you
> can't "force" the remote server to do anything. All you can do is to
> reject mail if they don't do something. So this is where I'm confused.


Okay. All I mean here is that if I say auth_hosts=* then nobody will be
able to receive mail, since foreign SMTP servers will not authenticate.

> > which none do, so no local mail is ever
> > delivered.
>
> What exactly do you mean by "local mail"? Exim should always accept mail
> for any domains in local_domains, whether or not the sending host is
> authenticated.


This does not appear to be the case. If I set auth_hosts=* I get:
MAIL FROM: ccurtis@???
530 Authentication required

Without bothering to find out where it's going to.

> > But what I can't do is make it force AUTH
> > if in TLS, which would solve the local->local problem.
>
> I'm not clear about what you mean by "local->local". Do you mean "host
> on local LAN relaying to another host on local LAN"? Or something to do
> with local mailboxes on the server in question? If the former, you can
> set hosts_accept_relay to allow hosts on your LAN to relay without any
> other conditions.


And if the latter ... ?

The whole scenario is this: This machine sits at an ISP on an isolated
network. There are these three conditions:

Sender          Recipient       Action
------          ---------       ------
non-local mail  non-local mail  reject
non-local mail  local mail      deliver if remote_sender valid (callback)
local mail      remote mail     require TLS, authentication; deliver
local mail      local mail      require TLS, authentication; deliver


What I have is this:

Sender          Recipient       Action
------          ---------       ------
non-local mail  non-local mail  reject
non-local mail  local mail      deliver if remote_sender valid (callback)
local mail      remote mail     require TLS, authentication; deliver
local mail      local mail      deliver



Now, the connection will not be made from the local machine, nor from the
local LAN, nor from any predetermined LAN. Support staff will be traveling
and connecting from many unknown networks, all of which are untrusted.
And everything works fine unless joe@??? sends email to fred@???
over this LAN, because exim doesn't say 'you must use TLS' and 'you must
authenticate yourself'. auth_if_relay is fine, but I need something along
the lines of auth_if_local_email. That would solve everything.

What I was thinking of before is that you can force your mail client to
always use TLS, and I wanted exim to say 'if you are using TLS, you must
authenticate to send mail anywhere', but that's not ideal I now see.
This would also have the added problem that spammers could abuse this by
finding a local account, using TLS, not authenticating, and spamming everyone
at this host, or just forging email in general. I'd like to prevent that as
well as best I can.

Hope this clears the problem space up some,
Chris
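The policy in the first table above (reject unauthenticated mail whenever the sender claims a local domain, only advertise AUTH once TLS is up, callout-verify non-local senders) can be written directly as an access control list. The fragment below is an added illustration in Exim 4 ACL syntax, which post-dates this thread; it is not configuration from the list discussion, and the domain name, the relay host list, the `$tls_in_cipher` variable (Exim 4.80 or later) and the callout being enabled are assumptions.

```exim
# Assumed values: replace with the real local domain(s) and trusted hosts.
domainlist local_domains   = example.com
hostlist   relay_from_hosts = 127.0.0.1

# Offer STARTTLS to everyone, but only advertise AUTH once the session is
# encrypted, so a client cannot send credentials in the clear.
tls_advertise_hosts  = *
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # The machine itself / listed LAN hosts (the hosts_accept_relay case).
  accept  hosts = +relay_from_hosts

  # Authenticated sessions may send to anyone; because AUTH is advertised
  # only over TLS, "authenticated" here implies "encrypted" as well.
  accept  authenticated = *

  # Sender in a local domain but not authenticated: reject regardless of
  # recipient. This covers both the local->remote and the local->local
  # rows of the table, and stops a forged local sender being used for
  # unauthenticated mail to local users.
  deny    message        = senders in local domains must authenticate over TLS
          sender_domains = +local_domains

  # Remaining senders are non-local: accept mail for local domains only,
  # after a sender callout (the "callback" in the table).
  accept  domains = +local_domains
          verify  = sender/callout
          verify  = recipient

  # Non-local sender -> non-local recipient.
  deny    message = relay not permitted
```

Bounce messages (empty sender) do not match `sender_domains`, so they fall through to the non-local branch and are still accepted for local recipients.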