Re: [exim] Authorizing smtp relay (only) for system users (w…

Author: Bill Hacker
Date:  
To: exim-users
Subject: Re: [exim] Authorizing smtp relay (only) for system users (with tls)
Marco wrote:

> I upgraded to the package exim4 (4.34-10).
> What config files/sections need changes?


Haven't a clue what macerations Debian does to Exim, but UNIX (and
apparently other-than-Debian Linux) versions of Exim run mail for
'on-box' shell account holders pretty much 'right out of the box'. Take
advantage of this to make your first tests.

Invest a bit of time going through the 'configure.default' example file,
make a copy as 'configure', and change as little as possible to start with.

You probably won't even have to set 'primary_domain' (it usually finds
that) or 'qualify_domain', but should look at those options early-on.

PRESUMING that what you mean by 'allow smtp relaying only for...' that
you are not running as just a 'smart host', and that your 'system users'
will actually be sending/receiving from an external MUA instead of
logging into shell accounts on the box itself, then you will probably
also have decisions to make as to a choice of a POP, IMAP (or both)
service, and your permitted AUTH methods, SSL/TLS, etc. both for Exim
and POP/IMAP.

Sooner or later, you will probably want to use something other than the
system password file/db to store UID/PWD. Have a look at 'vexim' and be
aware that 'stock' Exim can do all the database'ish things as well -
anything from a flat file to an SQL RDBMS.

However you store ID's, so long as the users are 'authorized' permitting
smtp won't be a problem. Example from the default configure file:

# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted.

accept authenticated = *

- that part is simple. The actual authentication can be also.

There are good online docs available, and lots of examples, but the
basics need nothing more than a cruise through the configure.default
file, some careful reading, very few changes to start with, and (my
personal recommendation) plenty of testing and verifying before you go
'production'.

Exim has possibly the most extensive tools for such testing of any
available MTA:

man exim

Take note of the '-b{x}' and '-b{xy}' switches. Some can do a 'for real'
test run, including testing filters, others can do a 'virtual' run and
tell you in detail what *would* take place without the need for
sending/receiving an actual message.

Such tools, plus Exim's ability to use whatever ports you tell it to use
and look for SSL/TLS certs wherever you choose to store them, make it
really easy to get a new MTA sorted while the old one is still running -
even if the old one is not Exim or the domain.tld will be new.

The incredibly flexible tools you see discussed here w/r spam reduction
and other special handling can come later.

There is a learning curve, as in flying:

"Flying is not inherently dangerous. But, to an even greater extent than
the sea, is extremely unforgiving of any carelessness, incapacity or
neglect".

So too, with an MTA as flexible as Exim, so it is wise to stick close to
the defaults until you have good reason to change.

HTH,

Bill Hacker


>
> On Wed, 16 Feb 2005 22:48:16 +0800, Bill Hacker <wbh@???> wrote:
>
>>Marco wrote:
>>
>>
>>>I have no knowledge in exim configuration, but I really need to
>>>configure my system (debian sarge with exim-tls 3.35-3woody3) to allow
>>>smtp relaying to (and only to) all my system users, using their user
>>>account password (and I wouldn't like to change exim config every time
>>>I create a user account).
>>>
>>>What is the right way to do this? Could you help me?
>>>
>>>Thanks,
>>>Marco
>>>
>>
>>If you could take the time to upgrade to a current Exim release (4.4X)
>>*lots* of help is here and in the current docs.
>>
>>With 3.35 you are asking for archeology ....
>>
>>Bill Hacker
>>
>>
>>--
>>## List details at http://www.exim.org/mailman/listinfo/exim-users
>>## Exim details at http://www.exim.org/
>>## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>>
>
>
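
Added example, not part of the original message and not taken from configure.default apart from the `accept authenticated = *` rule quoted above: one way to wire that rule to system accounts while keeping passwords off unencrypted connections. It assumes an Exim 4 binary built with PAM support and able to use it for authentication; the certificate paths and the authenticator name `plain_pam` are placeholders.

```exim
# Constructed fragments for an Exim 4 'configure' file; each goes into the
# section named in its comment. Paths are placeholders.

# --- main configuration section ---
# Offer STARTTLS to every client.
tls_advertise_hosts = *
tls_certificate = /path/to/exim.crt
tls_privatekey  = /path/to/exim.key

# Advertise AUTH only once the session is encrypted, so system account
# passwords are never sent in clear text. $tls_cipher is empty on an
# unencrypted connection (newer releases call it $tls_in_cipher).
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

# --- RCPT ACL (acl_check_rcpt in configure.default) ---
# Relay for any client that authenticated, from any host. This is the
# stock rule; it must come before the rule that denies relaying.
accept  authenticated = *

# --- authenticators section (after 'begin authenticators') ---
# AUTH PLAIN checked through PAM, so a newly created system account can
# relay without any change to the Exim configuration.
# $2 = user name, $3 = password ($auth2 / $auth3 in newer releases).
# The sg{} doubles any colon in the password because pam{} takes a
# colon-separated list.
plain_pam:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
  server_set_id = $2
```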