Re: [Exim] authentication problem with client (webmail)

Author: Dave C.
Date:  
To: volker
CC: exim-users
Subject: Re: [Exim] authentication problem with client (webmail)
On Fri, 3 May 2002, volker wrote:

> hi,
>
> can anybody help me setting up my exim 4 with authentication...
>
> i got it working, now i need authentication with netscape, never tested
> with outlook, coming soon...
>
> but, if i use my squirrelmail webmail interface, it's still sending mail
> over sendmail (symbolic link to exim-binary) without authentication,
> ...spammers do so too, and i can see in my logfiles that remote servers
> talking to my host as it is an open relay.



Authentication only applies to outside hosts connecting via SMTP, and
will not apply to your webmail program if it is calling sendmail
locally....


>
> how can i stop relaying and make authentication work with
> squirrel-webmail?
>
> i must be compatible to dial-up users, but i think i could verify the
> senders_helo_name against the list of hosted domains in a database
> (exim4 works fine with postgres 7.1)
>
> so can anybody help me setting up my acl's or auths?
>
> here is what my config says:
> i added:
>
> auth_advertise_hosts = *
>
> to the main-section
>
> and:
> ######ACL#######
> begin acl
>
> acl_check_rcpt:
>
>   accept  hosts = :
>   deny    local_parts   = ^.*[@%!/|]
>   require condition = "${if and { \
>                         {!eq{$sender_helo_name}{}} \
>                         {!eq{$domain}{}} \
>                         {eq{$sender_helo_name}{${lookup pgsql{SELECT domain FROM domain WHERE domain='$sender_helo_name' limit 1}{$value}fail}}} \
>                         } {yes}{no}}"

>
>   accept  local_parts   = postmaster
>           domains       = +local_domains
>   require verify        = sender

>
>
>   accept  domains       = +local_domains
>           endpass
>           message       = unknown user
>           verify        = sender : recipient
>    require condition = "${if and { \
>                         {!eq{$sender_helo_name}{}} \
>                         {!eq{$domain}{}} \
>                         {eq{$sender_helo_name}{${lookup pgsql{SELECT domain FROM domain WHERE domain='$sender_helo_name' limit 1}{$value}fail}}} \
>                         } {yes}{no}}"

>
>
>
>  accept  domains       = +relay_to_domains
>  require condition = "${if and { \
>                         {!eq{$sender_helo_name}{}} \
>                         {!eq{$domain}{}} \
>                         {eq{$sender_helo_name}{${lookup pgsql{SELECT domain FROM domain WHERE domain='$sender_helo_name' limit 1}{$value}fail}}} \
>                         } {yes}{no}}"
>           message       = unrouteable address
>           verify        = recipient : sender

>
>
> accept authenticated = *
>
> possible :((
>   accept  hosts         = +relay_from_hosts
>   deny    message       = relay not permitted

>
>
>
>
>
> ###authenticators
> ###works fine but not for webmail :((
>
> db_plain_auth:
>     driver = plaintext
>     public_name = PLAIN
>     client_send = \
>         "^username^password"

>
>    server_condition = "${if and { \
>                         {!eq{$2}{}} \
>                         {!eq{$3}{}} \
>                         {eq{$3}{${lookup pgsql{SELECT passwd FROM account WHERE account='$2' limit 1}{$value}fail}}} \
>                         } {yes}{no}}"

>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>



--
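
An added sketch of the RCPT ACL ordering the reply implies (not part of the original thread, and not volker's or Exim's own configuration): relaying for remote clients rests on `relay_from_hosts` and `authenticated`, while mail that squirrelmail injects by running the local sendmail binary is not SMTP and never reaches this ACL. It reuses the list names from the quoted config, assumes they are defined in the main section, and leaves out the HELO-name lookup.

```exim
begin acl

acl_check_rcpt:

  # Local SMTP on stdin/stdout (empty sending host), e.g. "exim -bs".
  # A message handed over by running the sendmail binary without -bs
  # is not SMTP input, so neither this ACL nor SMTP AUTH applies to it.
  accept  hosts         = :

  deny    local_parts   = ^.*[@%!/|]

  accept  local_parts   = postmaster
          domains       = +local_domains

  require verify        = sender

  # Mail addressed to domains this host handles: not a relay request.
  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient

  # Everything else is a relay request from a remote client. Allow it
  # only for listed hosts or for sessions that completed SMTP AUTH
  # (the dial-up users); all other senders are refused.
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *

  deny    message       = relay not permitted
```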