Re: [Exim] Relay from dynamic IPs

Author: Andreas J Mueller
Date:  
To: Gergely KODAJ
CC: exim-users
Subject: Re: [Exim] Relay from dynamic IPs

Hi Gergely!

> I have read some docs about SMTP auth; those confused me.


SMTP auth commonly means authentication using the SMTP AUTH command,
which has been introduced to grant normally untrusted clients relay
access through an SMTP server. There are other means of
authenticating clients, for example by having a certain IP address or
presenting a valid SSL certificate when using TLS. There is even an
ISP in Germany that allows clients to relay through their servers if
they present a 'valid' sender (e-mail) address (not very smart).

> I have try relay mails from remote clients, have dynamic IPs.


If you want to relay mails from dynamic IPs, and if you cannot
identify the source by other means (see below), then using SMTP AUTH
(authentication through the SMTP AUTH command) and SMTP after POP3 are
two common methods of authentication. SMTP after POP3 means that
clients will have to perform a mail check, which identifies them and
gives you their IP address, and afterwards can use your SMTP server
for a limited time from the *same* IP address that they used to check
their mail.

> Can exim "connect" to /etc/passwd n' ~/shadow directly, or
> as I have read, do I have to make an ~/exim/passwd file (how can I make
> it)?


Exim is able to use PAM authentication to check if a username/password
combination belongs to a valid system account. You can also use some
kind of authentication daemon that listens on a socket, and feed it
the username/password through ${readsocket...}. If you want to use
CRAM-MD5, you need some kind of plain text database, which can be as
simple as a text file that can be lsearched:

user1: password
user2: 2fast4u
...

> 2,
> eg.: the domain is 123.123.0.0/16


That's not a domain, it is a range of IP addresses.

>       can I set this, only this domain 'll be SMTP authenticated.


Sure, just add 123.123.0.0/16 to the +relay_from_hosts list in the
default Exim config.

>      Because local domain and static IPs are welcome :)


If you are an ISP that has addresses assigned in the 123.123.0.0/16
netblock, and you want to provide an SMTP relay for your clients, that
makes sense. But *only* if you are able to identify a client based on
the IP address he/she uses. Otherwise, you will have a hard time
acting on abuse reports. If you have dynamic IP addresses in this
range, then you will have to maintain a database showing which client
has been assigned which IP address at a specific time. You don't have
to configure SMTP AUTH in this case.

> 3,
> What have I to modify in exim.conf?


See above for the simple case. If you want to configure your server
for SMTP AUTH, however, there is more you need to do. SMTP AUTH is
only one of many ways to authenticate clients for relay access.

Andy
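
Added example, not part of the original message and not Exim's own code: a Python sketch of the server side of CRAM-MD5 (RFC 2195) checked against a file in the "user: password" layout shown above. It shows why that file has to hold the plain-text password: the server must recompute the HMAC over its own challenge. The sample file contents, the challenge string and all function names are constructed for illustration, and the parser handles only simple one-line entries.

```python
import base64
import hashlib
import hmac

# Constructed sample in the "key: value" layout from the message above.
SAMPLE_DB = """\
# comment lines and blank lines are skipped
user1: password
user2: 2fast4u
"""


def parse_lsearch(text):
    """Parse 'key: value' lines into a dict (simplified: no continuation lines)."""
    secrets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            secrets[key.strip()] = value.strip()
    return secrets


def client_response(user, password, challenge):
    """What a client sends back after the server's 334 challenge."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def verify(secrets, challenge, response_b64):
    """Return the authenticated user name, or None if the response is rejected."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, digest = decoded.rpartition(" ")
    # Unknown users still get an HMAC computed, so both paths do the same work.
    secret = secrets.get(user, "")
    expected = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    # The plain-text secret is needed here: a one-way password hash could not
    # be used as the HMAC key, which is why PAM or shadow cannot back CRAM-MD5.
    same = hmac.compare_digest(expected.encode(), digest.lower().encode())
    return user if (same and sep and user in secrets) else None
```

Because the response depends on the per-connection challenge, a captured response is rejected when replayed against a different challenge, but anyone who can read the secrets file learns every password, so its permissions matter.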