On Tue, 2005-11-29 at 17:38 +0000, Josh Berry wrote:
> Thanks to both of you, think I've got it now.
>
> > What exactly are you trying to do?
>
> I am just trying to force SMTP auth for all clients, and suspect that
> adding "hosts_require_auth" to the SMTP transport will do the trick.
If you are adding stuff to a transport then thats affecting outgoing
mail - ie exim as a SMTP/Auth client to a remote MTA.
If you want to enforce clients connecting to you to use auth you want
something like this...
# In main part of config list restrictions on where we allow
# authenticated connections to come from - in this case we
# allow them from anywhere
hostlist auth_relay_hosts = *
....
# within RCPT acl
accept hosts = +auth_relay_hosts
authenticated = *
control = submission
an alternative (or addition) can be to allow (from very early within the
RCPT acl), all authenticated/encrypted connections to the MSA port
(587). The comment in this about doing rejections later is due to us
doing accept and bounce for bad addresses given here since we assume
anyone using an authed connection to us at least has a valid sender
address so we can return the bounce, or its our (postmaster's) job to
sort it out.
# accept authenticated, encrypted connections to the msa port
# Many clients are unhappy about rejections here, so do it
later
accept condition = ${if ={$interface_port}{587}{1}{0}}
endpass
authenticated = *
encrypted = *
control = submission
Hopefully that should give you the idea...
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
