[Exim] [Fwd: Re: Authentication problem]

Author: Kostadin Kostadinov
Date:  
To: exim-users
Subject: [Exim] [Fwd: Re: Authentication problem]
> Hi guys,
>
> According to the Exim docs, it issues a challenge to the client, which issues an
> AUTH command, naming a specific mechanism (AUTH PLAIN, for example).
>
> Very briefly, the way SMTP authentication works is as follows:
>
>    * The server advertises a number of authentication /mechanisms/ in
>      response to the client's EHLO command.
>
>    * The client issues an AUTH command, naming a specific mechanism.
>      The command may, optionally, contain some authentication data.
>
>    * The server may issue one or more /challenges/, to which the client
>      must send appropriate responses. In simple authentication
>      mechanisms, the challenges are just prompts for user names and
>      passwords. The server does not have to issue any challenges - in
>      some mechanisms the relevant data may all be transmitted with the
>      AUTH command.
>
>    * The server either accepts or denies authentication.
>
>    * If authentication succeeds, the client may optionally make use of
>      the AUTH option on the MAIL command to pass an authenticated
>      sender in subsequent mail transactions. Authentication lasts for
>      the remainder of the SMTP connection.
>
>    * If authentication fails, the client may give up, or it may try a
>      different authentication mechanism, or it may try transferring
>      mail over the unauthenticated connection.
>
> My question is how I can restrict clients/hosts that DO NOT issue an AUTH
> command, since I don't want everyone to send through my SMTP server. In
> other words, I don't want to allow others to use my SMTP server to relay
> their messages except if they authenticate to the server. But how to
> make them authenticate if they do not issue an AUTH command? Obviously I
> have to restrict clients that do not issue an AUTH command. How can I do
> that with Exim? (I don't want to restrict any IP on the Internet.)
>
> Thank you in advance.
>
> Kosta
>
>

Today I added the following commands to exim4.conf, as I was advised by one of
the list members.

In the main section:
hostlist auth_relay_hosts = *
--------------------------------------
In the ACL section:
accept hosts = +auth_relay_hosts
accept hosts = +relay_hosts
      endpass
      message = Athentication required
      authenticated = *
 # Reaching the end of the ACL causes a "deny", but we might as well give
 # an explicit message.
 #
 deny message = relay not permitted


---------------------
In the Authenticators section:

plain_server:
driver = plaintext
public_name = PLAIN
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
server_set_id = $2
server_prompts = :

Thank you in advance.

Kosta
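
Added example, not part of the original message and not Exim's own code: a small Python model of how Exim 4 evaluates the relay ACL fragment posted above (statements run in order; an accept whose condition fails before endpass passes to the next statement, one that fails after endpass denies), showing which clients each variant lets relay. The contents of relay_hosts, the client addresses and the AUTH_ONLY_ACL variant are assumptions made for illustration.

```python
# Model of Exim 4 ACL evaluation for the relay fragment in the post.
# Only the accept/deny verbs, the hosts/authenticated conditions and the
# endpass modifier are modelled. Client data below is constructed.

HOSTLISTS = {
    "auth_relay_hosts": ["*"],        # as defined in the post
    "relay_hosts": ["192.0.2.10"],    # assumption: the post does not show it
}

def cond_true(cond, client):
    kind, arg = cond
    if kind == "hosts":
        members = HOSTLISTS[arg.lstrip("+")]
        return "*" in members or client["ip"] in members
    if kind == "authenticated":       # "authenticated = *": any authenticated id
        return client["auth_id"] is not None
    raise ValueError(kind)

def run_acl(acl, client):
    # Each statement: (verb, conditions before endpass, conditions after endpass)
    for verb, before, after in acl:
        if not all(cond_true(c, client) for c in before):
            continue                  # failed before endpass: try next statement
        if not all(cond_true(c, client) for c in after):
            return "deny"             # accept failed after endpass: ACL denies
        return verb                   # every condition met: the verb decides
    return "deny"                     # reaching the end of an ACL is a deny

POSTED_ACL = [                        # the three statements from the post
    ("accept", [("hosts", "+auth_relay_hosts")], []),
    ("accept", [("hosts", "+relay_hosts")], [("authenticated", "*")]),
    ("deny", [], []),
]
AUTH_ONLY_ACL = [                     # assumption: relay for authenticated clients only
    ("accept", [("authenticated", "*")], []),
    ("deny", [], []),
]
CLIENTS = {                           # constructed sample clients
    "stranger_no_auth": {"ip": "203.0.113.7", "auth_id": None},
    "stranger_authed": {"ip": "203.0.113.7", "auth_id": "kosta"},
    "listed_no_auth": {"ip": "192.0.2.10", "auth_id": None},
}

def decisions(acl):
    return {name: run_acl(acl, c) for name, c in CLIENTS.items()}

if __name__ == "__main__":
    for label, acl in (("posted", POSTED_ACL), ("auth-only", AUTH_ONLY_ACL)):
        print(label, decisions(acl))
```

Because auth_relay_hosts is "*", the first accept matches every client before the authenticated condition is ever reached. The model covers only the relay decision, not the statements that accept mail for local domains.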