Re: [Exim] ACL : need help on a relay

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Alan J. Flavell
Date:  
À: Exim users list
Sujet: Re: [Exim] ACL : need help on a relay
On Thu, 6 Nov 2003, Andreas Metzler wrote:

> Lets assume there is exec@??? and secretary@???. Now
> exec@??? goes to a business conference in Las Vegas and sends a
> summary to secretary@???. Do you want to reject this mail?


Yes, if it's unauthenticated. How else are you going to stop
unauthorised relaying?

So set the users up to authenticate over TLS when trying to transmit
mail from foreign networks. Works for us. We have a briefing in our
faqomatic to show our users how to configure their various clients so
that the client responds appropriately depending on where it is (our
exim prompts them differently depending on whether it sees them coming
from local network or from "outside". [1]

There are of course several other solutions (ssh, port forwarding,
webmail...). This is just one viable option.

cheers

[1] Btw, PINE users need to configure _two_ smtp server
configurations, the plain one and the authenticate-over-tls one.
PINE will try them both, and use whichever one succeeds. E.g

smtp-server = mail-relay.example/tls/novalidate-cert/user=username,
              mail-relay.example


Not that your hypothetical "exec" is going to be using PINE, but I
thought it worth a mention. PC-PINE is the same.

For Mozilla etc.: SMTP settings...
                  "Use secure connection:   (o)when available"