Re: [Exim] disabling a system user

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Greg Folkert
Dátum:  
Címzett: EximUser List
Tárgy: Re: [Exim] disabling a system user
--
On Wed, 2004-07-28 at 23:14, JupiterHost.Net wrote:
> Greg Folkert wrote:
>
> > Blacklist them.
>
> I'm not sure I follow, how would I "blacklist" a single local system
> user from sending mail via exim?
>
> blacklist = spamsafeuser
> (IE noone can use spamsafeuser/password and hostname.tld to authenticate
> for SMTP with exim)
>
> ??
>
> I didn't see anythgin about that on exim.org ...
>
> Would that make it so that even if I gave you the user, pass and
> hostname you would be unable to use that info to do an Authenticated
> SMTP session?


I use Debian Sarge with Sid updates on specific issues.

From the default exim conf:

        # This access control list is used to determine whitelisted
        # senders and hosts. It checks for CONFDIR/local_host_whitelist
        # and # CONFDIR/local_sender_whitelist.
        #
        # It is meant to be used from some other acl entry.
        #
        # For example,
        # deny message = local blacklist example
        #      !acl = acl_whitelist
        #      dnslist = some.dns.list.example
        # will allow messages with envelope sender listed in
        # local_sender_whitelist or messages coming in from hosts listed
        # in local_host_whitelist to be accepted even if the delivering
        # host is listed in the dns list.
        #
        # Whitelisting can also be configured by including negative
        # items in the black list. See
        # /usr/share/doc/exim4-config/default_acl for details.
        #
        # If the files do not exist, the white list never matches, which
        # is the desired behaviour.


and from /usr/share/doc/exim4-config/default_acl

        Access Control in the default configuration
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        The Debian exim 4 package comes with a default configuration
        that allows flexible access control and blacklisting of sites
        and hosts. The acls involved can be found in
        /etc/exim4/conf.d/acl with the file names
        20_exim4-config_whitelist_local_deny and
        30_exim4-config_check_rcpt, thus all rejections of messages due
        to this mechanism happen at RCPT time. Local configuration of
        the mechanisms happen through data files in /etc/exim4, so there
        is normally no need to change the files in the acl subdirectory.


        /etc/exim4/local_sender_blacklist contains a list of envelope
        senders whose messages will be denied with the error message
        "locally blacklisted".  This is a full exim 4 address list, and
        all available features can be used. This includes negative
        items, and so it is possible to exclude addresses from being
        blacklisted. For convenience, as an additional method to
        whitelist addresses from being blocked, an explicit whitelist is
        read in from /etc/exim4/local_sender_whitelist. Entries in the
        whitelist override corresponding blacklist entries.


        In the blacklist, the trick is to read a line break as "or" if
        it follows a positive item, and as "and" if it follows a
        negative item.


        For example, a /etc/exim4/local_sender_blacklist


        domain1.example
        !local@???
        domain2.example
        domain3.example


        Exim just evaluates left to right (or up-down in the file
        listing context), so you don't get the same kind of operator
        binding as in a programming language.


        /etc/exim4/local_host_blacklist contains a list of IP addresses,
        networks and host names whose messages will be denied with the
        error message "locally blacklisted". This is a full exim 4 host
        list. Again, negative items can be used here, and there is also
        an explicit whitelist read in from
        /etc/exim4/local_host_whitelist, and whitelist entries override
        blacklistings.


        The example access list shipped in
        /usr/share/doc/exim4-config/examples/acl/30_exim4-config_example_check_rcpt
        includes a bunch of dnslists configured to warn and/or deny
        incoming messages. Some of these lists have a corresponding
        whitelist, read in from /etc/exim4/local_$DNSLISTNAME_whitelist
        which allows the local administrator to override dnslist entries
        for domains or IP addresses that should be able to send mail
        despite the dnslist entry.


If you need more info, please consider looking in spec.txt, as it
explains all of this. Or get Phillip's book on exim4. I did, never
regretted it (still don't in fact).

--
greg, greg@???

The technology that is
Stronger, better, faster: Linux
--
Content-Description: This is a digitally signed message part

[ signature.asc of type application/pgp-signature deleted ]
--