> On Sat, 3 May 2003, Eric Parusel wrote:
>
> > Hello,
> >
> > I'm new to exim and I decided I wanted to try to use it because
> > I need quite a custom setup.
> > I've heard that exim is quite configurable!
> >
> > What I need to know is how possible it is to achieve what I'd like.
> >
> >
> > Here's some details (this is all for incoming connections):
> >
> > 1) Advertise TLS (shouldn't be a problem I don't think)
>
> Yes, easy to do.

Done.. thx

In the future, can I only allow SMTP AUTH when TLS is enabled
for the session? I assume this is possible by adding a line
to acl_check_rcpt (below)?

> > 2) Require SMTP AUTH, no matter what. Deny those that don't
> > use SMTP AUTH...
>
> So you don't have any trusted hosts?

Nope, everyone needs to auth...
See my config block below:

> > 4) Deny all relaying, and accept mail only to each account if
> > SMTP AUTH'd for that account. For example, server will
> > only accept mail enveloped to foo@??? if sender has
> > SMTP AUTH'd as foo@???.
>
> In general no problem, but what about bounces?
> In general, you could use an acl like this
>
> require message = Your senderaddress must be the same as your username
>         senders = : $authenticated_id
>
> This should deny messages, not sent either with an empty envelope from, or
> when the envelope from does not match $authenticated_id (you can set this
> when the user authenticates)

This should do it, right?

acl_check_rcpt:
  accept  hosts = :
  deny    local_parts = ^.*[@%!/|] : ^\\.
  accept  local_parts = postmaster
          domains = +local_domains
  require message = Your envelope to address must be the same as your SMTP AUTH username
          senders = : $authenticated_id

I think bounces from incoming mail should get sent to a special email
address if at all possible... I'll see if I can figure that out...

> > 3) Authenticate SMTP AUTH through LDAP.
>
> No problem, just use a ldap-lookup.

I'm having issues (most likely mental), I can't just use

  server_condition = ${if ldapauth \
    {user="uid=${quote_ldap:$1},ou=domains,dc=mydomain,dc=net" \
    pass="$2" \
    ldaps:///}{yes}{no}}

because I don't know the uid yet... What I want to search for
is (mail=$1). Is this possible by combining ldapauth and ldapdn?
I just can't figure out from the docs how to achieve this?

Thanks,
Eric