At 9:34 am +0100 2004/11/25, Hochstrasser Benedikt wrote:
>Robert Cates wrote:
>
>> I'm having a hard time understanding this because I thought Exim
>checks
>> the From/Sender e-mail address (which would be of course
>user@???)
>> and will then attempt to send the mail.(?)
>
>Relaying is not allowed/prohibited on a sender email base. It is based
>on IP
>Addresses and/or authentication.
strictly speaking that depends on your configuration, still relaying
based on sender email address is a bad idea as it makes the server an
open relay, so I agree with you...
>When you have "Road Warriors" then you should use authentication like
>this:
>
>(global section)
>hostlist auth_relay_hosts = *
>
>(ACL section)
>accept hosts = +auth_relay_hosts
> message = authentication required
> authenticated = *
message in an accept acl rule is no use. You could have in the final
deny a messages on the lines of "relay forbidden without
authentication".
>(authentication section)
[...]
I would also suggest looking at PAM lookup for the authentication and
at requiring TLS for authentication (so that the password does not
pass clear text over the network). Plenty of information can be found
in the usual source (doc/spec.txt).
Giuliano
