OK, thanks Tony, but in my folow-up message I noticed in my log 'P=esmtpsa',
when I send out per Courier IMAP(-SSL). I'm not sure what the differences
are.
Next, I have 'relay_from_hosts = 127.0.0.1 : 192.168.1.0/24 : *.kormar.net :
*.kormar.de' defined. Should I change that to 'hostlist relay_from_hosts =
: @[] :'? Would that be better?
As far as my ACLs, I only have:
acl_smtp_rcpt = acl_check_rcpt (the default, nothing changed)
acl_smtp_data = acl_check_data (setup for SpamAssassin)
acl_not_smtp = acl_check_data (setup for SpamAssassin)
I would like to use:
#acl_smtp_auth = acl_check_auth
#acl_smtp_starttls = acl_check_auth
#acl_check_auth:
# accept hosts = +auth_relay_hosts
## endpass
# require verify = sender
# accept authenticated = *
# deny domains = !+local_domains
# message = relay forbidden without authentication
but I don't know how to set that up safely.
Thanks,
Robert
-----Original Message-----
From: Tony Finch [
mailto:fanf2@hermes.cam.ac.uk]On Behalf Of Tony Finch
Sent: Montag, 17. Oktober 2005 11:45
To: Robert Cates
Cc: Exim, Users
Subject: Re: [exim] problem with authentication (and esmtpa)
On Mon, 17 Oct 2005, Robert Cates wrote:
> server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
This means that you will only offer authentication over TLS. So your
server will never allow P=esmtpa because that's authentication without
TLS.
As far as I can tell, Exim is doing what it should, except that it's
allowing unauthenticated outgoing relaying. You didn't post your ACLs so
we can't tell you exactly what to fix, but in the default configuration
you would set:
hostlist relay_from_hosts = : @[] :
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}