Re: [Exim] TLS Relaying Problem

Top Page
Delete this message
Reply to this message
Author: Guenter Riess
Date:  
To: Dave C.
CC: exim-users
Subject: Re: [Exim] TLS Relaying Problem
Am Freitag, 16. November 2001 17:40 schrieben Sie:

Thanks,

this was the solution !! But I needed to use the host_auth_accept_relay.

Regards,
G. Riess

> On Fri, 16 Nov 2001, Guenter Riess wrote:
> > Hi,
> > I have some configuration trouble with relaying mail over SMTP-AUTH.
> > I need the following configuration:
> > - all local users are allowed to relay (with/without TLS) [works fine]
> > - all users from the internet may only use our mail-server to relay if
> > they use TLS encryption A N D they can authenticate themself with
> > user/passwd
> > All the parts seems to work, BUT the problem is, that currently every
> > user outside can relay mail if he connects via TLS to our mail-server
> > (with or without user/passwd authentication) . How can I restrict my
> > configration? Currently the configuration looks like the following:
> >
> > host_accept_relay = localhost:172.30.0.0/16:OFFICIAL-IP-ADDRESSES
> >
> > tls_verify_hosts = *
> > tls_advertise_hosts = *
> > auth_over_tls_hosts = *
> > tls_host_accept_relay = *
>
> ^^ this is what is allowing any TLS host to relay. Unset this, or set it
> to
>
> tls_host_accept_relay = !*
>
> and then set
>
> auth_host_accept_relay = *
>
> > How can I restrict exim only to relay mail from users that can
> > autthenticate them self with a SMTP-TLS connecttion? Whats wrong in the
> > configuration above?
> >
> > Regards,
> > G. Riess
> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> > details at http://www.exim.org/ ##