Re: [Exim] only accept local users (for seval networks)

Top Pagina
Delete this message
Reply to this message
Auteur: Oliver Egginger
Datum:  
Aan: ice, djc, ph10
CC: exim-users
Onderwerp: Re: [Exim] only accept local users (for seval networks)
This is from wednesday. (Sorry I'am late.)
Thank you for your comments.
(Complete list on the end of this message)

your response (extract):

Tamas TEVESZ wrote:
> could you explain this in a little more depth ? as is, this doesn't
> make much sense to me.


Dave C. <> wrote:
> How do you intend to determine wether a user is local or not?


Philip Hazel <> wrote:
> If by "sender" you mean "envelope sender" you have two problems:
>
> 1. Senders are trivially forged.
>
> 2. You are required always to accept the sender "<>" because that's what
> bounce messages have.
>
> Basically, trying to control input by envelope sender is a bad idea.
> That's why AUTH was invented.



It's a little bit difficult to explain, please see describtion.


---------------------------------------------------------------------
### Description ###
---------------------------------------------------------------------
I'am talking about the "envelope sender" field.
At first I have to say that I'am only talking about a local mailserver for
a few thousand users. We are a technical college and get all our
e-mail through a big university mailsystem over the same IP-address,
(and a separat connexion).

The university mailsystem does the smtp-auth.
We are only accept smtp connection from the university and from our local networks.
The university is our smart host too.
If a user send mail from our local networks she or he don't have to authenticate herself.
If a user want send mail from the outside, she have to use the university mailout,
and must authenticate herself.
(Or she uses our radius-server then she have to authenticate herself against him.)

Some users have malformed (envelope)-sender addresses.
(Mostly typing errors.)

1. If something goes wrong these messages can't send back to the sender.
2. They arn't passed back to our mailserver, so I never hear from it.
Bad thing: the user never here from it too, maybe working for a long time with a bad
sender address (unintentional).
Also there are serval other problems with malformed or non local sender adresses and the
university.

----------------------------------------------------------------------
----------------------------------------------------------------------

I'am thinking the qualification of the university are passable. I only have to set up our MTA right.
Exims "sender_verify" quality helps a lot.
Only external sender addresses are still a problem.
If it would be possible to define a rule, that all external adresses faile at verification time, this would be the
solution. At first I was thinking about a director which only runs at verification time, but thats balderdash,
cause it don't will be called for a non local address.
Maybe it would be possible in Exim 4 when routers and directors grow together. I don't know.


regards
Oliver