Re: [Exim] SMTP-Auth

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Fred Viles
Date:  
À: exim-users
Sujet: Re: [Exim] SMTP-Auth
On 13 May 2004 at 18:19, Yves Goergen wrote about
    "Re: [Exim] SMTP-Auth":


| On 13.05.2004 16:42 (+0200), Paulo Andre wrote:
| > I have mananged to get SMTP-Auth working but it seems to only requiring the
| > auth when sending email out of the server. When email is sent internally then
| > no auth is required. I would like to stop someone from using telnet to access
| > the server and send email from joesoap@??? to pandre@???,
| > with pandre being a 'live' email address. Is this possible and if so any
| > pointers.

|
| Is that possible at all? I mean, a mail server should be able to receive
| mail for local users in any case.


I think what Paulo is after is preventing unauthenticated sessions
from injecting messages claiming to be *from* local users.

If so, something like this in the RCPT ACL should do the trick:

  deny    message = Spoofed sender address detected
    !hosts         = +relay_from_hosts
    !authenticated = *
    sender_domains = mydomain.com : [my.ip.add.ress]


- Fred