Re: [Exim] Weird configuration of exim server....

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Eric Parusel
Date:  
À: Nico Erfurth
CC: exim-users
Sujet: Re: [Exim] Weird configuration of exim server....
> On Sat, 3 May 2003, Eric Parusel wrote:
>
> > Hello,
> >
> >     I'm new to exim and I decided I wanted to try to use it because
> > I need quite a custom setup.
> > I've heard that exim is quite configurable!

> >
> > What I need to know is how possible it is to achieve what I'd like.
> >
> >
> > Here's some details (this is all for incoming connections):
> >
> > 1) Advertise TLS (shouldn't be a problem I don't think)
>
> Yes, easy to do.


Done.. thx
In the future, can I only allow SMTP AUTH when TLS is enabled
for the session? I assume this is possible by adding a line
to acl_check_rcpt(below)?


> > 2) Require SMTP AUTH, no matter what.  Deny those that don't
> >    use SMTP AUTH...

>
> So you don't have any trusted hosts?


Nope, everyone needs to auth...
See my config block below:


> > 4) Deny all relaying, and accept mail only to each account if
> >      SMTP AUTH'd for that account.  For example, server will
> >      only accept mail enveloped to foo@??? if sender has
> >      SMTP AUTH'd as foo@???.

>
> In general no problem, but what about bounces?
> In general, you could use an acl like this
>
> require message = Your senderaddress must be the same as your username
>         senders = : $authenticated_id

>
> This should deny messages, not send either with an empty envelope from, or
> when the evelope from does not match $authenticated_id (you can set this
> when the user auhtenticates)


This should do it, right?

acl_check_rcpt:
  accept  hosts = :
  deny    local_parts   = ^.*[@%!/|] : ^\\.
  accept  local_parts   = postmaster
          domains       = +local_domains
  require message = Your envelope to address must be the same as your SMTP
AUTH username
          senders = : $authenticated_id



I think bounces from incoming mail should get sent to a special email
address if at all possible... I'll see if I can figure that out...


> > 3) Authenticate SMTP AUTH through LDAP.
>
> No problem, just use a ldap-lookup.


I'm having issues (most likely mental), I'm can't just use

server_condition = ${if ldapauth \
 {user="uid=${quote_ldap:$1},ou=domains,dc=mydomain,dc=net" \
      pass="$2" \
      ldaps:///}{yes}{no}}


because I don't know the uid yet... What I want to search for
is (mail=$1). Is this possible by combining ldapauth and ldapdn?
I just can't figure out from the docs how to acheive this?


Thanks,
Eric