On 13 May 2004 at 18:19, Yves Goergen wrote about
"Re: [Exim] SMTP-Auth":
| On 13.05.2004 16:42 (+0200), Paulo Andre wrote:
| > I have managed to get SMTP-Auth working but it seems to only require the
| > auth when sending email out of the server. When email is sent internally then
| > no auth is required. I would like to stop someone from using telnet to access
| > the server and send email from joesoap@??? to pandre@???,
| > with pandre being a 'live' email address. Is this possible and if so any
| > pointers.
|
| Is that possible at all? I mean, a mail server should be able to receive
| mail for local users in any case.

I think what Paulo is after is preventing unauthenticated sessions
from injecting messages claiming to be *from* local users.
If so, something like this in the RCPT ACL should do the trick:

  deny  message        = Spoofed sender address detected
        !hosts         = +relay_from_hosts
        !authenticated = *
        sender_domains = mydomain.com : [my.ip.add.ress]

- Fred
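
How the deny statement above sorts different sessions, as an added Python model that is not part of the original message and is not Exim code. The relay network, the domain literal 192.0.2.10, the Session class and all sample sessions are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for the lists the rule refers to (assumptions).
RELAY_FROM_HOSTS = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "192.0.2.0/24")]
LOCAL_SENDER_DOMAINS = {"mydomain.com", "[192.0.2.10]"}

@dataclass
class Session:
    host: str                # connecting client IP
    auth_id: Optional[str]   # set once SMTP AUTH has succeeded, else None
    mail_from: str           # envelope sender from MAIL FROM ("" for bounces)

def sender_domain(mail_from: str) -> str:
    """Domain of the envelope sender, lower-cased; "" for the null sender."""
    return mail_from.rpartition("@")[2].lower() if "@" in mail_from else ""

def spoof_rule_denies(s: Session) -> bool:
    """A deny statement fires only when every one of its conditions holds."""
    ip = ipaddress.ip_address(s.host)
    if any(ip in net for net in RELAY_FROM_HOSTS):   # !hosts = +relay_from_hosts
        return False
    if s.auth_id is not None:                        # !authenticated = *
        return False
    # sender_domains looks at the envelope sender, not the From: header line.
    return sender_domain(s.mail_from) in LOCAL_SENDER_DOMAINS

def verdict(s: Session) -> str:
    if spoof_rule_denies(s):
        return "deny: Spoofed sender address detected"
    return "pass to next ACL statement"

# Constructed sample sessions covering each condition and the bounce edge case.
SAMPLES = {
    "outside, no auth, local sender": Session("203.0.113.7", None, "joesoap@mydomain.com"),
    "outside, authenticated": Session("203.0.113.7", "pandre", "pandre@mydomain.com"),
    "relay host, no auth": Session("192.0.2.25", None, "joesoap@mydomain.com"),
    "outside, foreign sender": Session("203.0.113.7", None, "someone@example.org"),
    "outside, null sender (bounce)": Session("203.0.113.7", None, ""),
    "outside, domain-literal sender": Session("203.0.113.7", None, "root@[192.0.2.10]"),
}

if __name__ == "__main__":
    for name, session in SAMPLES.items():
        print(f"{name:32} -> {verdict(session)}")
```

Only the first and last sample sessions are refused; mail from outside senders to local users and bounces with an empty envelope sender still pass to the rest of the ACL.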