Just been giving a little thought to MSA (Message Submission Agent) -
see RFC2479 (
http://www.faqs.org/rfcs/rfc2476.html ).
For those not well up on TLAs, MSA is basically SMTP for MUAs to use
when talking to their MTAs. It runs on an alternative port - 587. In
practice MSA submission should require authentication (or possibly allow
non-authenticated connections from trusted IPs only).
My thoughts are that to support MSA into exim you need to do the
following (untested) changes:-
1. Add the MSA port to your main config:-
daemon_smtp_port = smtp : sma
or
daemon_smtp_port = 25 : 587
2. Refuse non-authenticated connections to send mail, by doing
something like this in the MAIL FROM ACL:
acl_check_from:
# drop connections on SMA port that do not authenticate
drop condition = ${if ={$interface_port}{587} {1}{0}}
!authenticated = *
# accept everything else (policy checks are in rcpt acl)
accept
3. Potentially rework the rcpt/data acls, however these often already
have a get out early if authenticated = * is set.
The big reason for doing this is to handle the difference between
"customer" (ie someone you expect to be pushing mail through your boxes)
mail which you may well be relaying out, and incoming mail.
As I said the recipes above are untested, and just part of a thought
process on how to handle SMA - especially since theres more and more a
push to close down port 25 except for real mail servers.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
