RE: [exim] problem with authentication (and esmtpa)

Top Page
Delete this message
Reply to this message
Author: Robert Cates
Date:  
To: exim-users
Subject: RE: [exim] problem with authentication (and esmtpa)
OK, thanks Tony, but in my folow-up message I noticed in my log 'P=esmtpsa',
when I send out per Courier IMAP(-SSL). I'm not sure what the differences
are.

Next, I have 'relay_from_hosts = 127.0.0.1 : 192.168.1.0/24 : *.kormar.net :
*.kormar.de' defined. Should I change that to 'hostlist relay_from_hosts =
: @[] :'? Would that be better?

As far as my ACLs, I only have:
acl_smtp_rcpt = acl_check_rcpt (the default, nothing changed)
acl_smtp_data = acl_check_data (setup for SpamAssassin)
acl_not_smtp = acl_check_data (setup for SpamAssassin)

I would like to use:
#acl_smtp_auth = acl_check_auth
#acl_smtp_starttls = acl_check_auth

#acl_check_auth:

#  accept  hosts         = +auth_relay_hosts
##          endpass
#  require verify        = sender
#  accept  authenticated = *
#  deny    domains       = !+local_domains
#          message       = relay forbidden without authentication


but I don't know how to set that up safely.

Thanks,
Robert



-----Original Message-----
From: Tony Finch [mailto:fanf2@hermes.cam.ac.uk]On Behalf Of Tony Finch
Sent: Montag, 17. Oktober 2005 11:45
To: Robert Cates
Cc: Exim, Users
Subject: Re: [exim] problem with authentication (and esmtpa)


On Mon, 17 Oct 2005, Robert Cates wrote:

> server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}


This means that you will only offer authentication over TLS. So your
server will never allow P=esmtpa because that's authentication without
TLS.

As far as I can tell, Exim is doing what it should, except that it's
allowing unauthenticated outgoing relaying. You didn't post your ACLs so
we can't tell you exactly what to fix, but in the default configuration
you would set:
    hostlist relay_from_hosts = : @[] :


Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}