Re: [exim] Final Solution

Top Page
Delete this message
Reply to this message
Author: Ron McKeating
Date:  
To: Andrew - Supernews
CC: Exim-Users \(E-mail\)
Subject: Re: [exim] Final Solution
On Fri, 2004-09-24 at 17:53, Andrew - Supernews wrote:
> >>>>> "Ron" == Ron McKeating <R.J.Mckeating@???> writes:
>
> Ron> The second daemon is started with the
>
> Ron> daemon exim -bd -q15m -tls-on-connect -C /usr/local/exim/configure-AOL
>
> Ron> command. The configure-AOL file tells it to listen on port 465 for
> Ron> tls-on-connect traffic.
>
> As others have pointed out the separate config is unnecessary.
>
> We currently run 3 daemons (one each for ports 25, 587, 465 - there is no
> benefit to us in combining port 25 and port 587 since we need to keep the
> connection limits different between the two) as follows:
>
> exim -bd -q17m
> exim -bd -oX 587 -oP /var/run/exim-submit.pid
> exim -bd -oX 465 -tls-on-connect -oP /var/run/exim-smtps.pid
>


Hi thanks for this, sorry for the delay in replying.

So as I understand your email I can leave out the line
daemon_smtp_ports = 25 : 587
form the exim configure file and just load the daemon with

exim -bd -oX 587 : 25
exim -bd -oX 465 -tls-on-connect -oP /var/run/exim/exim-smtps.pid

Though from looking at the manulal it seems I do not need to take the
line out of the config as the above commands overides it.

Do you agree?

> In the config, items such as ACL checks that need to differ according to
> which port is used explicitly check $interface_port, for example:
>
> IS_SMTP_PORT = ={$interface_port}{25}
>
> acl_smtp_connect = ${if IS_SMTP_PORT {check_connect}{accept}}
> acl_smtp_helo = ${if IS_SMTP_PORT {check_helo}{accept}}
> acl_smtp_mail = ${if IS_SMTP_PORT {check_mail}{accept}}
> acl_smtp_rcpt = ${if IS_SMTP_PORT {check_recipient}{check_submission}}
> acl_smtp_mime = check_mime_part
> acl_smtp_data = check_message
>


I don't think we are too bothered with which port they use, more
interested in if they are using a none campus ip address, then we want
to only allow them access if they are authenticated.

Cheers

Ron
> --
> Andrew, Supernews
> http://www.supernews.com

--
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329