On Thu, 18 Apr 2002, Gary wrote:
> Hi Dave,
>
> By the way, thanks for the replies, it's a big help!
>
> Well I thought by setting *.hispeed.ch I'd be able to allow this DNS client
> to authenticate and along with SMTP AUTH, I should be relatively safe; I do
> see the danger though. I've actually followed this up in a separate post
> regarding difficulty I've been having with getting TLS to work.
>
> In short:
>
> With exim4 compiled with the following options:
>
> AUTH_CRAM_MD5=yes
> AUTH_PLAINTEXT=yes
> AUTH_SPA=yes
> SUPPORT_TLS=yes
> TLS_LIBS=-lssl -lcrypto
> TLS_LIBS=-L/usr/local/ssl/lib -R/usr/local/ssl/lib -lssl -lcrypto
> TLS_INCLUDE=-I/usr/local/ssl/include/
>
> and the runtime configuration file with these options (I put them in the
> Authentication Configuration section because I couldn't find where else they
> belonged).
>
> tls_advertise_hosts = *
> tls_certificate = /usr/local/ssl/certs/smtp2.cert
> tls_privatekey = /usr/local/ssl/certs/smtp1.key
>
> exim fails to start with the following:
>
> Exim version 4.03 #5 built 18-Apr-2002 07:14:32
> Copyright (c) University of Cambridge 2002
> 2002-04-18 13:36:21 Exim configuration error in line 532:
> option "tls_advertise_hosts" unknown
>
> and the same thing goes for the exim_paniclog
>
> My theory is that somehow I don't have TLS compiled into the binary somehow
> (I'm staring at TLS_LIBS etc...).
Perhaps - note that you don't need TLS or SSL to do SMTP AUTH.
>
> Gary.
>
>
> ----- Original Message -----
> From: "Dave C." <djc@???>
> To: "Gary Ferrer" <gary@???>
> Cc: <exim-users@???>
> Sent: Thursday, April 18, 2002 9:17 PM
> Subject: Re: [Exim] relay question
>
>
> > On Thu, 18 Apr 2002, Gary Ferrer wrote:
> >
> > > Hello again,
> > > I've finally got relaying to work with exim 4!! I have a suspicious
> > > feeling that I may not have done it correctly so here's the relevant
> > > sections I'm wondering about:
> > > ---------------------------------------
> > > domainlist local_domains = ferrer.yi.org : antis.ch : antis.biz
> > > domainlist relay_to_domains = *
> > > hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/24 : *.hispeed.ch
> > >
> > > acl_smtp_rcpt = acl_check_rcpt
> > >
> > > acl_check_rcpt:
> > >
> > > accept domains = +local_domains : +relay_to_domains
> > > accept hosts = +relay_from_hosts
> > >
> > > ---------------------------------------
> > >
> > > So what I needed to do was to allow a remote client (on the hispeed.ch
> > > network) use the SMTP server to relay its outgoing mail. Is this setup
> > > correctly?
> >
> > It's correct if you want to allow yourself to be an open relay.
> >
> > What if I set my PTR (for any IP address I might get assigned from an
> > ISP) to "blah.hispeed.ch".. There, now I can relay thru your server.
> >
> > 'hispeed.ch' is not a network - it is a DNS domain name. There is no
> > one-to-one relationship between networks and domains.
> >
> > For clients connecting from IP networks not under your control, the use
> > of SMTP AUTH is the right way to go. The sender has to supply a
> > username/password pair which you validate, and permit relay on success.
> >
> > >
> > > Thanks.
> > >
> > >
> > >
> > >
> > > --
> > >
> > > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
> > >
> > >
> >
> >
> > --
> >
> >
> >
>
>
>
--
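
The relay decisions discussed in this thread, as an added example that is not part of the original messages and is not Exim code: a simplified first-match model of the quoted RCPT ACL, run against constructed clients. It assumes a name item such as `*.hispeed.ch` is compared with the client's PTR name only, as the reply describes, and it goes slightly beyond the thread by showing `relay_to_domains = *` and the name wildcard as two separate holes; the `NAME_ONLY` and `HARDENED` variants, the addresses and the user name are hypothetical.

```python
# Added example: simplified model of the RCPT ACL quoted in this thread.
# Not Exim code; all addresses, names and users below are constructed.
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

LOCAL = ["ferrer.yi.org", "antis.ch", "antis.biz"]
LAN = ["127.0.0.1", "192.168.0.0/24"]

# Each ACL is an ordered list of (condition, list) accept statements.
ORIGINAL = [("domains", LOCAL + ["*"]),            # relay_to_domains = *
            ("hosts", LAN + ["*.hispeed.ch"])]
NAME_ONLY = [("domains", LOCAL),                   # relay_to_domains emptied
             ("hosts", LAN + ["*.hispeed.ch"])]    # name wildcard kept
HARDENED = [("domains", LOCAL),
            ("hosts", LAN),
            ("authenticated", ["*"])]              # relay only after SMTP AUTH

def host_matches(ip, ptr_name, items):
    """Match a client against hostlist items: name wildcard, IP or CIDR."""
    for item in items:
        if "*" in item:
            # Assumption: a name item is compared with the client's PTR name only.
            if ptr_name and fnmatchcase(ptr_name.lower(), item):
                return True
        elif ip_address(ip) in ip_network(item):
            return True
    return False

def rcpt_decision(acl, ip, ptr_name, auth_user, rcpt):
    """Return 'accept' on the first matching statement, else 'deny'."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    for cond, items in acl:
        if cond == "domains" and any(fnmatchcase(domain, d) for d in items):
            return "accept"
        if cond == "hosts" and host_matches(ip, ptr_name, items):
            return "accept"
        if cond == "authenticated" and auth_user is not None:
            return "accept"
    return "deny"

if __name__ == "__main__":
    cases = [("203.0.113.9", "host9.example.net", None),   # unrelated host
             ("198.51.100.7", "blah.hispeed.ch", None),    # PTR set by the IP's owner
             ("198.51.100.7", "blah.hispeed.ch", "gary")]  # same host, after AUTH
    for name, acl in (("original", ORIGINAL), ("name-only", NAME_ONLY),
                      ("hardened", HARDENED)):
        for ip, ptr, user in cases:
            print(name, ip, ptr, user,
                  rcpt_decision(acl, ip, ptr, user, "someone@example.org"))
```
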