> Hi guys,
>
> According to the Exim docs, it issues a challenge to the client, which issues an
> AUTH command, naming a specific mechanism (AUTH PLAIN, for example).
>
> Very briefly, the way SMTP authentication works is as follows:
>
> * The server advertises a number of authentication /mechanisms/ in
>   response to the client's EHLO command.
>
> * The client issues an AUTH command, naming a specific mechanism.
>   The command may, optionally, contain some authentication data.
>
> * The server may issue one or more /challenges/, to which the client
>   must send appropriate responses. In simple authentication
>   mechanisms, the challenges are just prompts for user names and
>   passwords. The server does not have to issue any challenges - in
>   some mechanisms the relevant data may all be transmitted with the
>   AUTH command.
>
> * The server either accepts or denies authentication.
>
> * If authentication succeeds, the client may optionally make use of
>   the AUTH option on the MAIL command to pass an authenticated
>   sender in subsequent mail transactions. Authentication lasts for
>   the remainder of the SMTP connection.
>
> * If authentication fails, the client may give up, or it may try a
>   different authentication mechanism, or it may try transferring
>   mail over the unauthenticated connection.
>
> My question is how I can restrict clients/hosts that DO NOT issue the AUTH
> command, since I don't want everyone to send through my SMTP server. In
> other words, I don't want to allow others to use my SMTP server to relay
> their messages unless they authenticate to the server. But how do I
> make them authenticate if they do not issue the AUTH command? Obviously I
> have to restrict clients that do not issue the AUTH command. How can I do
> that with Exim? (I don't want to restrict any IP on the Internet.)
>
> Thank you in advance.
>
> Kosta
>
>
Today I added the following commands to exim4.conf, as I was advised by one of
the list members.
in main section:

    hostlist auth_relay_hosts = *

--------------------------------------
in ACL section:

    accept hosts = +auth_relay_hosts
    accept hosts = +relay_hosts
           endpass
           message = Athentication required
           authenticated = *
    # Reaching the end of the ACL causes a "deny", but we might as well give
    # an explicit message.
    #
    deny   message = relay not permitted

---------------------
in Authenticators section:

    plain_server:
      driver = plaintext
      public_name = PLAIN
      server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
      server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
      server_set_id = $2
      server_prompts = :

Thank you in advance.
Kosta
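
Added example (not part of the original message, and not Exim's own code): a small Python model of how Exim walks the ACL lines posted above, where a condition that fails before `endpass` passes control to the next statement and one that fails after it denies. `POSTED` is the ACL as it appears in the message; `REORDERED`, the empty `relay_hosts` list and the test address are assumptions constructed for the example.

```python
# Simplified model of Exim ACL evaluation (added example, not Exim code).
# POSTED is the ACL from the message; REORDERED and the empty
# relay_hosts list are constructed assumptions.
POSTED = """\
accept hosts = +auth_relay_hosts
accept hosts = +relay_hosts
       endpass
       message = Athentication required
       authenticated = *
deny   message = relay not permitted
"""
REORDERED = """\
accept hosts = +auth_relay_hosts
       endpass
       message = Authentication required
       authenticated = *
deny   message = relay not permitted
"""
HOSTLISTS = {"auth_relay_hosts": ["*"], "relay_hosts": []}

def parse(acl):  # a verb opens a statement; other lines continue it
    stmts = []
    for line in filter(str.strip, acl.splitlines()):
        words = line.split(None, 1)
        if words[0] in ("accept", "deny"):
            stmts.append((words[0], []))
            line = words[1] if len(words) > 1 else ""
        key, _, val = line.partition("=")
        stmts[-1][1].append((key.strip(), val.strip()))
    return stmts

def check(acl, host, auth_id=None):  # -> (verdict, message) for a relay attempt
    for verb, items in parse(acl):
        msg, past_endpass, ok = None, False, True
        for key, val in items:
            if key == "endpass":
                past_endpass = True
            elif key == "message":
                msg = val
            elif key == "hosts":
                ok = bool({"*", host} & set(HOSTLISTS[val.lstrip("+")]))
            elif key == "authenticated":
                ok = auth_id is not None
            if not ok:
                break
        if ok:  # every condition held
            return verb, (msg if verb == "deny" else None)
        if verb == "accept" and past_endpass:  # failed after endpass
            return "deny", msg
    return "deny", None  # end of ACL: implicit deny
```

In this model, `check(POSTED, "203.0.113.7")` is accepted by the first statement because `auth_relay_hosts` is `*`, while `check(REORDERED, "203.0.113.7")` is denied with the "Authentication required" message unless an `auth_id` is supplied.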