On Fri, 22 Apr 2005, Odhiambo G. Washington wrote:
>
> So if you define
>
> hostlist auth_relay_hosts = a.b.c.d/24
>
> and then in acl_smtp_auth you do:
>
> ####
> deny hosts = !+auth_relay_hosts
> endpass
> message = You are not allowed to use SMTP AUTH from
> $sender_host_address
> encrypted = *
>
> accept
> #####
>
>
> Just an idea.....
>
Yes, that's the 'global' option. My current per-user iteration is
in the rcpt acl:
accept sender_domains = +accepted_here_domains
authenticated = *
endpass
message = AUTH not allowed for $sender_address
condition = ${if exists \
{CFG_DIR/$sender_address_domain/$sender_address_local_part/auth-hosts}{1}{0}}
hosts = CFG_DIR/$sender_address_domain/$sender_address_local_part/auth-hosts
>
> How do you expect to get the "user" if you want to restrict AUTH
> by rDNS?
>
Exactly! Is there a way to know the username, and check it against
auth-hosts, *before* the password is checked? I need to do some more
reading of spec.txt. I suspect there is a way to do this, I just need
to spend some more time to figure it out. (and maybe get lucky enough
to get some hints from the mailing list)
I tried using acl_smtp_mailauth, but didn't have much luck (and so
reverted to using the rcpt acl while I do more research). My more
recent reading of spec.txt suggests that acl_smtp_auth (or the
authenticator itself) is likely the correct place to do what I'd
like.
Thanks,
Dave
--
--------------------------------------------------------
Dave Lugo dlugo@??? LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
