On Fri, 16 Nov 2001, Guenter Riess wrote:
> Hi,
> I have some configuration trouble with relaying mail over SMTP-AUTH.
> I need the following configuration:
> - all local users are allowed to relay (with/without TLS) [works fine]
> - all users from the internet may only use our mail-server to relay if
> they use TLS encryption A N D they can authenticate themself with
> user/passwd
> All the parts seems to work, BUT the problem is, that currently every user
> outside can relay mail if he connects via TLS to our mail-server (with or
> without user/passwd authentication) . How can I restrict my configration?
> Currently the configuration looks like the following:
>
> host_accept_relay = localhost:172.30.0.0/16:OFFICIAL-IP-ADDRESSES
>
> tls_verify_hosts = *
> tls_advertise_hosts = *
> auth_over_tls_hosts = *
> tls_host_accept_relay = *
^^ this is what is allowing any TLS host to relay. Unset this, or set it
to
tls_host_accept_relay = !*
and then set
auth_host_accept_relay = *
>
> How can I restrict exim only to relay mail from users that can autthenticate
> them self with a SMTP-TLS connecttion? Whats wrong in the configuration above?
>
> Regards,
> G. Riess
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
--