Re: [Exim] Offer some exim advice?

Top Page
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: Brett Thorson
CC: exim-users
Subject: Re: [Exim] Offer some exim advice?
Brett Thorson wrote:
> I have configured exim to work with majordomo and mailman, and I think it is
> great. It is so nice not to have to go work with those sendmail configs
> anymore. So now I am trying to clean some stuff up, and implement some new
> features. I have a "design" floating around in my head, but I was wondering
> if someone might have the time to just take a peek at it to say "Right idea,
> do it" or "Oh my gosh you have it all wrong". Thank you VERY much in
> advance.
> ---------------------------
> The mail server would be outside the firewall, and be used for incoming e-mail
> from everyone, and relaying for employees outside our network (working from
> home, authenticated with TLS / OpenSSL).
>
> We would have a spam filter program accepting mail on port 25. If the mail
> passes through the filter, then it gets sent into Exim for processing on an
> unadvertised SMTP port. Exim would restrict connections to this hidden port
> to the output of the SPAM filter (Same machine basically). It would also
> stop relaying.
>
> I would also like to run a relay for home users. Using the SSMTP port, accept
> and verify users, and then allow that mail to be sent through anywhere.
>
> Do I have the basics right? Or would I look at an option where everyone
> connects to port 25. Then if they don't start a secure connection
> TLS/Openssl with authentication I deny forwarding, and pass them to the spam
> filter. If they do open a secure connection and authenticate properly, I let
> them do whatever they want.
>
> Advice, or even "Look at this document for clues" would be greatly
> appreciated. Thank you all so much for your support thus far. The user
> community here is great!


Which exim-version do you use?
exim3 and 4 are VERY different.

How I would do it with exim4.

Use exim on port 25 and use a local_scan function (exiscan or sa-exim)
for the spam (and maybe also virus) scanning. Let users authenticate
over SSL connections-only, skip the spam-scanning if the sender is
authenticated.

Ohhh, and for the docs, spec.txt is just perfect :) you will also find
some config examples and a FAQ on www.exim.org

Nico