> -----Original Message-----
> From: Robert Kehl [mailto:mailinglists@robertkehl.de]
> > > You must be using any kind of firewall, aren't you? To stop your
> > > users
> > > emailing with a server other than yours, I suggest you use your
> > > firewall
> > > in the primary place.
> > My goal is to have this not just for the users on my LAN, but also
> > arbitrary outside users.
>
> Hm? You want the whole internet to just use your SMTP server? ;-)
no, just those should use my smtps server who get my specially crafted
address by means of a Reply-To or From header.
> If one of your users is connecting from the outside , he/she could as
> well connect to any SMTP server in or outside this world. You won't have
> control over that as long as you have no control over the administrative
> account of that particular machine. In short: No way.
> But... maybe I didn't get you right on this point?!
I was hoping to be able to configure my exim such that it will accept one
type of addresses that most others don't to avoid inadvertent sending over a
non-TLS-protected connection.
>
> > Also, in the meantime I noticed that Outlook doesn't allow me to send
> > just
> > "local_parts" because it automatically starts a contact list lookup.
> > So, I guess I really need further ideas.
>
> Add the dummy domain you use to your recipients' addresses. If Outlook
> finds an address without a domain, it assumes a lazy user and does an
> automatic search, as most email message would fail without a domain
> part.
>
> Your dummy domain would for sure never succeed when anyone uses a
> different SMTP server than yours, as the dummy domain probably won't
> resolve in real DNS.
Sounds like a good idea. Hope the other smtps domains really do reject that
dummy domain BEFORE "sucking" the body and attachment over the typically
unprotected wire.
>
> Exim itself relies on fully qualified addresses and therefore is
> internally working with them. If a non-qualified address arrives, the
> settings of
>
> primary_hostname
> qualify_domain
> qualify_receipient
> sender_unqualified_hosts
> receipient_unqualified_hosts
>
> determine how the address is converted to a fully qualified one.
<<
#1)
recipient_unqualified_hosts = *
#2)
qualify_recipient = placeHolderForNoDomain.com
begin acl
acl_check_rcpt:
#3)
accept hosts = :
deny local_parts = ^.*[@%!/|] : ^\\.
#4)
accept authenticated = *
>>
Right, doesn't my above exim.conf say
1) anybody can provide unqualified recipients
2) if an unqualified recipient is found, add "placeHolderForNoDomain.com"
3) anybody can send me a mail as long as local_parts condition is fulfilled
4) furthermore, each sender needs to SMTP-AUTH?
If that is right, I don't understand, why I get "5.1.2. Bad Recipient
format --- no domain specified..."
