On Sat, 24 Aug 2002, Ben Lutgens wrote:
> --
> Am using exim-4.10 from source on a redhat-7.3 box with all the updates and
> a self-compiled and working pam_exim module.
>
> As I understand it, the following bit from my "acl_check_rcpt" ACL should
> allow anything listed in "relay_from_hosts" to relay mail providing the
> recipient is valid of course.
>
> accept hosts = +relay_from_hosts
> verify = recipient
>
> Now, in my relay_from_hosts I have the following:
>
> hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.0/8

Isn't /8 a little bit too big? This would be 192.*.*.*, and in this space
there are public addresses too.

> Yet for some reason I am not allowed to relay mail.
>
> Aug 25 04:14:25 mail exim[2986]: 2002-08-25 04:14:25 H=(hostname)
> [192.168.1.143] F=<stripped@???> rejected RCPT
> <valid@???>: relay not permitted
>
> Am I missing something?

You must be careful: the ACLs are run from top to bottom, so if another
rule denies you, your one will never be used. Try exim -d -bh IP

> Further, I'd like to have "acl_smtp_auth = acl_check_auth" that says "Do not
> allow AUTH unless we're using TLS" and I believe that I should be able
> to do:
>
> acl_check_auth:
> accept encrypted = *
> deny message = TLS encryption required before auth
>
> But I can't test this for accuracy before I get the previous rule working.
> Any help appreciated.

This should work in any case, because the auth phase comes before the
mail envelope. Try to run exim -d -bs or exim -d -bh some.ip.addr.here and
send some authentication data; it should be denied with your message.
ciao
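
The point raised in the reply about the /8 mask, as an added example that is not part of the original messages: a small audit of a hostlist line that reports the network each entry really covers and flags entries reaching outside private or loopback space. The names `audit_hostlist` and `INTERNAL` are assumptions of this example, and the /24 entry is a constructed comparison value.

```python
import ipaddress

# RFC 1918 private ranges plus loopback: the space a LAN relay list should stay inside.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def audit_hostlist(line):
    """Return [(entry, effective_network, [problems])] for a hostlist line.

    Assumption: only plain IPv4 addresses and address/mask items are checked;
    host names, lookups and named-list references are skipped.
    """
    _, _, value = line.partition("=")
    report = []
    for item in (part.strip() for part in value.split(":")):
        if not item:
            continue
        try:
            # strict=False masks off host bits, so 192.168.1.0/8 becomes 192.0.0.0/8
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            continue  # not an IP item
        if net.version != 4:
            continue
        problems = []
        if "/" in item and str(net.network_address) != item.split("/")[0]:
            problems.append("host bits set beyond mask")
        if not any(net.subnet_of(inner) for inner in INTERNAL):
            problems.append("covers public address space")
        report.append((item, str(net), problems))
    return report


if __name__ == "__main__":
    samples = [
        "hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.0/8",   # line from the thread
        "hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.0/24",  # constructed comparison
    ]
    for sample in samples:
        print(sample)
        for entry, effective, problems in audit_hostlist(sample):
            print("  %-16s -> %-16s %s" % (entry, effective, "; ".join(problems) or "ok"))
```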