Re: [exim] host_auth_accept_relay problem

Author: Nigel Metheringham
Date:  
To: Josh Berry
CC: exim-users
Subject: Re: [exim] host_auth_accept_relay problem
On Tue, 2005-11-29 at 17:38 +0000, Josh Berry wrote:
> Thanks to both of you, think I've got it now.
>
> > What exactly are you trying to do?
>
> I am just trying to force SMTP auth for all clients, and suspect that
> adding "hosts_require_auth" to the SMTP transport will do the trick.


If you are adding stuff to a transport then that's affecting outgoing
mail - i.e. exim as a SMTP/Auth client to a remote MTA.

If you want to enforce clients connecting to you to use auth you want
something like this...
        # In main part of config list restrictions on where we allow
        # authenticated connections to come from - in this case we
        # allow them from anywhere
        hostlist auth_relay_hosts = *


        ....
        # within RCPT acl
          accept  hosts         = +auth_relay_hosts
                  authenticated = *
                  control       = submission


An alternative (or addition) can be to allow (from very early within the
RCPT acl), all authenticated/encrypted connections to the MSA port
(587).  The comment in this about doing rejections later is due to us
doing accept and bounce for bad addresses given here since we assume
anyone using an authed connection to us at least has a valid sender
address so we can return the bounce, or it's our (postmaster's) job to
sort it out.
          # accept authenticated, encrypted connections to the msa port
          # Many clients are unhappy about rejections here, so do it later
          accept  condition     = ${if ={$interface_port}{587}{1}{0}}
                  endpass
                  authenticated = *
                  encrypted     = *
                  control       = submission


Hopefully that should give you the idea...

    Nigel.
-- 
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
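
The following is an added example, not part of the message above and not Exim code: a small Python model of how the two `accept` statements behave in the RCPT ACL, with the port-587 statement placed first as the message suggests. The names `Conn`, `accept`, `rcpt_acl` and the `"rest-of-acl"` marker are made up for illustration; the `accept`/`endpass` semantics modelled are Exim's documented ones.

```python
# Toy model (added example) of the two "accept" statements from the message.
# Exim semantics modelled: for "accept", a condition failing BEFORE endpass
# passes control to the next ACL statement; failing AFTER endpass denies.
from dataclasses import dataclass


@dataclass
class Conn:
    port: int            # stands in for $interface_port
    authenticated: bool  # "authenticated = *"
    encrypted: bool      # "encrypted = *"


def accept(before, after=()):
    """Build one accept statement from tests before and after endpass."""
    def stmt(c):
        if not all(t(c) for t in before):
            return "next"    # fall through to the next statement
        if not all(t(c) for t in after):
            return "deny"    # endpass turns this failure into a rejection
        return "accept"
    return stmt


def is_auth(c):
    return c.authenticated


def is_tls(c):
    return c.encrypted


# MSA statement: port test, then endpass, then auth + TLS requirements.
msa = accept(before=[lambda c: c.port == 587], after=[is_auth, is_tls])
# Relay statement: the hostlist is "*", so "hosts" always matches.
relay = accept(before=[lambda c: True, is_auth])


def rcpt_acl(c, rest="rest-of-acl"):
    """Return accept/deny, or `rest` when neither statement decides."""
    for stmt in (msa, relay):
        verdict = stmt(c)
        if verdict != "next":
            return verdict
    return rest  # the remaining statements of the real ACL decide


if __name__ == "__main__":
    # Constructed sample connections.
    for c in (Conn(587, True, True), Conn(587, True, False),
              Conn(25, True, False), Conn(25, False, False)):
        print(c, "->", rcpt_acl(c))
```

An unauthenticated client on a port other than 587 is neither accepted nor denied by these two statements, so whether auth is effectively required there depends on the rest of the RCPT ACL.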