Thanks Alan,
This is in fact the good way to authenticate ppl connecting from outside,
using SMTP over TLS
----- Original Message -----
From: "Alan J. Flavell" <a.flavell@???>
To: "Exim users list" <exim-users@???>
Sent: Thursday, November 06, 2003 11:31 AM
Subject: Re: [Exim] ACL : need help on a relay
> On Thu, 6 Nov 2003, Andreas Metzler wrote:
>
> > Lets assume there is exec@??? and secretary@???. Now
> > exec@??? goes to a business conference in Las Vegas and sends a
> > summary to secretary@???. Do you want to reject this mail?
>
> Yes, if it's unauthenticated. How else are you going to stop
> unauthorised relaying?
>
> So set the users up to authenticate over TLS when trying to transmit
> mail from foreign networks. Works for us. We have a briefing in our
> faqomatic to show our users how to configure their various clients so
> that the client responds appropriately depending on where it is (our
> exim prompts them differently depending on whether it sees them coming
> from local network or from "outside". [1]
>
> There are of course several other solutions (ssh, port forwarding,
> webmail...). This is just one viable option.
>
> cheers
>
> [1] Btw, PINE users need to configure _two_ smtp server
> configurations, the plain one and the authenticate-over-tls one.
> PINE will try them both, and use whichever one succeeds. E.g
>
> smtp-server = mail-relay.example/tls/novalidate-cert/user=username,
> mail-relay.example
>
> Not that your hypothetical "exec" is going to be using PINE, but I
> thought it worth a mention. PC-PINE is the same.
>
> For Mozilla etc.: SMTP settings...
> "Use secure connection: (o)when available"
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at
http://www.exim.org/ ##
>
>