Re: [Exim] Using "authenticated = *"

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Konrad Michels
Date:  
À: Tony Finch
CC: Exim-Users (E-mail)
Sujet: Re: [Exim] Using "authenticated = *"
Hi Tony
Thanks for the feedback. I see I do have an "accept authenticated = *"
in my exim config, but somehow it seems to be rejecting the connections
prior to this being reached. I'm wondering whether it isn't something
to do with the exiscan patch doing checks of some sort before the ACL is
being consulted . . .

Later
Konrad


On Tue, 2004-06-15 at 10:26, Tony Finch wrote:
> On Tue, 15 Jun 2004, Konrad Michels wrote:
> >
> > Right now I'm doing the usual checks against one or two DNSBL's, which
> > is, as expected, bouncing smtp connects appropriately. However, I'm
> > also bouncing smtp connects from SMTP authenticated users, which was not
> > my intention. From the manual, I gather I need to probably prefix my
> > entire ACL section with something like:
> >
> > if !(authenticated = *)
> >
> > do I not?
>
> Something like that. What I do on our servers is simlar to the following
> (though with a few extra bells and whistles that I've omitted here):
>
> check_sender:
>   # We check authorization early in order to simplify later ACLs.
>   accept   hosts         = +relay_hosts
>            set acl_m0    = true
>   accept   verify        = certificate
>            set acl_m0    = true
>   accept   authenticated = *
>            set acl_m0    = true
>   # Not authorized.
>   accept   set acl_m0    = false

>
> check_recipient:
>   # Always accept local postmaster and non-network email.
>   accept   recipients    = postmaster@+our_domains
>   accept   hosts         = :

>
>   # Accept non-bounce messages from authorized senders,
>   # but ensure that the reverse path is valid.
>   accept   condition     = $acl_m0
>           !senders       = :
>            endpass
>            message       = Invalid sender address: ${acl_verify_message}
>            verify        = sender/callout=postmaster

>
>   # If an authorized sender is sending a bounce, require the
>   # recipients to be valid. This is mainly to deal with the case
>   # where we have just rejected a message with an invalid sender,
>   # and the sending SMTP server is now trying to bounce it via us.
>   accept   condition     = $acl_m0
>            senders       = :
>            endpass
>            message       = Invalid bounce recipient address: ${acl_verify_message}
>            verify        = recipient/callout=postmaster

>
> # At this point we know the sending host is foreign.
> # We do some anti-spam checking at this point.
>
>   # Then do anti-relay checks.
>   require  message       = Relaying is not permitted
>            domains       = +our_domains

>
>   # All addresses must be valid. We do the sender callout after other
>   # checks to avoid unnecessarily irritating other email server admins.
>   require  message       = ${acl_verify_message}\n\
>                            See http://www.cam.ac.uk/cs/email/bounce.html
>            verify        = recipient/callout=defer_ok,use_sender
>            verify        = sender/callout=postmaster

>
> # Every check has been passed.
> accept