Re: [Exim] Auth

Author: Dave C.
Date:  
To: Phil Pennock
CC: root, exim-users
Subject: Re: [Exim] Auth
On Thu, 31 Jan 2002, Phil Pennock wrote:

> On 2002-01-31 at 08:53 +0100, root wrote:
> > I have two servers one of them with Exim 3.33-1.1 and the other one with 3.12
> >
> > I would like to not permit everybody to connect to my smtp port and make spam.
>
> So don't set the rule allowing this.
>
> > If I write in my exim.conf "relay_domains *" everybody can connect to my smtp port and make spam.
>
> That defines which domains you will accept mail for, and then try to
> pass on to the real domain. You use it if you're a backup MX for a
> domain.
>
> > I have read the config.samples and I have set up as config.sample C039 but it doesn't work.
>
> You need to provide:
>
>  * more background information, explaining what you're trying to have
>    your mail-system do
>  * what exactly doesn't work
>
> > Please let me know what I can do so that only my users can connect to my smtp port.


If you want to be able to let "your users" relay through your server,
you need to be able to specify how you identify "your users".

If your users are all on your local LAN, or you provide them dialup
connectivity (eg, if their IP addresses are provided by you), then you
can set 'host_accept_relay' to identify the numeric networks of the IP
addresses they are on.

If your users might be connecting to you via the Internet, where they
get their connectivity from a third party, you need to have some way of
having them provide an id/password to establish that they are your
customer/user. One way is SMTP AUTH(entication), another way is
POP-before-SMTP.

With SMTP AUTH, they use an extension to SMTP that asks for a password,
and you can set 'host_auth_accept_relay = *', to permit any user that
can pass the authentication to relay. Not all clients support this,
although most modern/popular ones do.

With POP-before-SMTP, you arrange for your POP server to record IP
addresses (and timestamps) that have given a valid ID/password to log in
in a place exim can see them, and then add that with a lookup type to
host_accept_relay. You also need to make sure you have something
removing them after a fairly short period of time (say 15 minutes) after
they are recorded. No special support in the client is needed for this,
they just have to check their mail before they try to send.

A VERY BAD way that some people want to try and identify their users
when they are connecting from the Internet is by the From: address they
provide, usually they say 'anyone who is sending from my domain is my
customer, let them send', and while this might look like a good idea, it
is NOT. There is *nothing* stopping any random spammer from simply using
an address as his From: address in your domain that he knows or guesses
is valid (say, postmaster@???, which is *required* to be
valid), and then your server would let them send their spam, and worse
yet, it looks like YOU sent it. So stay away from trying this. If you
need to let users send from the Internet, stick with one (or both even)
of the first two.



>
> Don't set relay_domains to anything. Just leave it out of the
> configuration.
>
> If you want to accept mail from some local hosts, and act as a smarthost
> for them for outbound email, look at hosts_accept_relay.
>
> Point a web-browser at:
> <http://www.exim.org/exim-html-3.30/doc/html/spec.html>
> and read "46.4 Control of relaying". Use a browser capable of handling
> graphics -- there's a very useful diagram.
> --
> Hide not your talents, they for use were made.
> What's a sundial in the shade? -- Ben Franklin
>
--
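
The POP-before-SMTP bookkeeping and the relay decision described in the message above, as an added example that is not part of the original thread or of Exim. It assumes the POP server appends `epoch-seconds IP` records (a hypothetical format); the function names, networks and sample addresses are constructed for illustration.

```python
import ipaddress

WINDOW = 15 * 60  # seconds; the "say 15 minutes" expiry from the message

# Constructed sample of what a POP server might record after valid logins.
SAMPLE_LOG = [
    "1000000000 198.51.100.7",
    "1000000500 203.0.113.9",
    "garbage line",
    "1000000300 not-an-ip",
    "1000000700 198.51.100.7",   # same client logged in again later
]
NOW = 1000001500

def parse_pop_log(lines):
    """Return {ip: latest_login_epoch}; malformed records are skipped."""
    seen = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            ts = int(parts[0])
            ip = str(ipaddress.ip_address(parts[1]))
        except ValueError:
            continue  # bad input must never widen the relay list
        seen[ip] = max(ts, seen.get(ip, 0))
    return seen

def prune(seen, now, window=WINDOW):
    """Drop entries older than the window, and any stamped in the future."""
    return {ip: ts for ip, ts in seen.items() if 0 <= now - ts <= window}

def relay_allowed(client_ip, now, seen, local_nets=(), authenticated=False):
    """Decide from connection properties only; From: is never consulted."""
    addr = ipaddress.ip_address(client_ip)
    if authenticated:                      # passed SMTP AUTH
        return True
    if any(addr in ipaddress.ip_network(n) for n in local_nets):
        return True                        # address range you hand out
    return str(addr) in prune(seen, now)   # recent valid POP login

if __name__ == "__main__":
    table = parse_pop_log(SAMPLE_LOG)
    for ip in ("198.51.100.7", "203.0.113.9"):
        print(ip, relay_allowed(ip, NOW, table))
```

The sender address is deliberately not a parameter of `relay_allowed`, so a client that merely claims a local From: address gains nothing.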