RE: [Exim] forced open relay

Author: Rick Cooper
Date:  
To: Leonardo Boselli, exim-users
Subject: RE: [Exim] forced open relay
I have a similar situation. No local user can send mail without
authenticating, except from host 127.0.0.1. We have a web mail
package installed on the mail servers (twiggi) and users must
authenticate with Apache before gaining access to the web mail
system and then, of course, they must be a valid twiggi user and
are IMAP authenticated before being able to actually log in to
the web mail server. This allows roaming users to reach their
email from any client/place that they can reach the internet
from. Since it's IMAP based it also allows them to retrieve the
mail to their local folders once they have returned. I have a
custom script that creates all the twiggi information when the
e-mail user is created, and removes the twiggi information when
the user is deleted (we use 100% virtual users, there is only one
non-system Unix user on each box.. me). It's a bit more work
initially but it keeps the mail servers relay free.

Rick

> -----Original Message-----
> From: exim-users-admin@???
> [mailto:exim-users-admin@exim.org] On Behalf Of Leonardo Boselli
> Sent: Saturday, January 24, 2004 10:59 AM
> To: exim-users@???
> Subject: [Exim] forced open relay
>
>
> Problem: some people of our department sometimes connect from
> outside.
> From a particular site there are however these constraints:
> 1. They cannot change the programs used there, so no
> authentication is possible; only plain SMTP (They can however
> choose the smtp server !)
> 2. The local mail server allows ONLY messages having as a _from_
> field a local user, so they cannot send email with their personal
> address
> 3. The ws there are natted, and the IP address given is different
> even for different calls from the same machine, so a POP before
> SMTP is not feasible.
> 4. The only "favorable" situation is that the addresses given are
> only 20 ones, consecutive ....
> 5. Another favorable situation is that it is acceptable to allow
> that each message be sent only to one address.
>
> I thought about setting something that
> IF ( (the host is in that 20 ones) AND (there is ONLY one RCPT) )
> THEN accept.
> An interesting option would be "accept and bounce a copy of the
> message to the alleged sender", so s/he can have a copy in the
> local mailbox
>
> Do you have any hint on how to do it?
> --
> Leonardo Boselli
> Nucleo Informatico e Telematico del Dipartimento
> Ingegneria Civile
> Universita` di Firenze , V. S. Marta 3 - I-50139 Firenze
> tel +39 0554796431 cell +39 3488605348 fax +39 055495333
> http://www.dicea.unifi.it/~leo
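An Exim 4 RCPT ACL combining the two policies discussed in this thread, added here as an example and not taken from either poster's configuration: relay only from loopback or after SMTP AUTH, plus the narrow "listed hosts, one recipient" exception from the original question. The list names `loopback_hosts` and `nat_site_hosts` are hypothetical and the addresses are constructed from the RFC 5737 documentation range.

```exim
# Added example. Names and addresses below are assumptions, not from the thread.

# ---- main configuration section ----
domainlist local_domains = @
hostlist   loopback_hosts = 127.0.0.1

# Exim host lists take CIDR blocks, not "first-last" ranges, so 20
# consecutive addresses are written as a /28 (16) plus a /30 (4).
hostlist   nat_site_hosts = 192.0.2.0/28 : 192.0.2.16/30

acl_smtp_rcpt = acl_check_rcpt

# ---- ACL section ----
begin acl

acl_check_rcpt:

  # Mail for our own domains is not relaying; just verify the recipient.
  accept  domains       = +local_domains
          verify        = recipient

  # Web mail running on the same box submits over loopback.
  accept  hosts         = +loopback_hosts

  # Every other client may relay only after SMTP AUTH.
  accept  authenticated = *

  # Narrow exception: the listed NAT addresses, first recipient only.
  # $recipients_count is the number of recipients already accepted for
  # this message, so it is 0 only while the first RCPT is being checked.
  # A second RCPT from these hosts falls through to the deny below.
  accept  hosts         = +nat_site_hosts
          condition     = ${if eq{$recipients_count}{0}}

  # Default: no relaying.
  deny    message       = relay not permitted
```

The exception trusts the source address alone: it limits recipients per message, not the number of messages, and anyone behind those 20 addresses can use it.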