Re: [exim] problem(?) - SpamAssassin checks outgoing mail

Top Page
Delete this message
Reply to this message
Author: g
Date:  
To: robert
CC: Exim, Users
Subject: Re: [exim] problem(?) - SpamAssassin checks outgoing mail

On 5 Jan 2006, at 08:36, Robert Cates wrote:

> Giuliano Gavazzi wrote:
>
>>
>> On 4 Jan 2006, at 08:18, Robert Cates wrote:
>>> I'm using SpamAssassin 3.0.4 with my Exim 4.54 server, but
>>> SpamAssassin is
>>> checking and adding it's headers even with outgoing mail. My
>>> logic tells me
>>> that's not correct, but I don't know how to change this
>>> behaviour. Below is

[...]
>> does outgoing mail come only from authenticated sources?
>> If so, the answer is there.
>>
>> Giuliano
>>
>>
> OK, how can I know this for sure? I would like most, if not all,
> connections through TLS/SSL, and I have the following set in my
> config file:
>


Well, if you do accept for relay (in the RCPT acl) only messages
coming from authenticated hosts (we are talking SMTP submission),
then outgoing messages (excluding forwarded emails, but they are not
coming from SMTP, in a way) will always satisfy

authenticated = *

> [Global section]
> auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
> #auth_advertise_hosts = *
> tls_advertise_hosts = *
> tls_verify_certificates = /etc/exim/


    ^^^^^^^ useless, unless you verify clients (as defined in  
tls_verify_hosts)


> tls_certificate = /etc/exim/exim.cert
> tls_privatekey = /etc/exim/exim.key
>
> [AUTHENTICATION section]
> plain:
>  driver = plaintext
>  public_name = PLAIN
>  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
>  server_condition = "\
>    # $2 = Username | $3 = password


   ^^^^^ I do not like comments put in between \
    lines
    not one little bit!


>    ${if and {{!eq{$2}{}}{!eq{$3}{}} \
>    {crypteq{$3}{${extract{1}{:} \
>    {${lookup{$2}lsearch{/etc/exim/.passwd}{$value}{*:*}}}}}}}{1}{0}}"


tooo many }}} for me to count (I use pam so I have less).
Are't you missing:

    server_prompts =  :



> server_set_id = $2
>
> login:
>  driver = plaintext
>  public_name = LOGIN
>  server_prompts = "Username:: : Password::"
>  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
>  server_condition = "\
>    # $1 = Username | $2 = password
>    ${if and {{!eq{$1}{}}{!eq{$2}{}} \
>    {crypteq{$2}{${extract{1}{:} \
>    {${lookup{$1}lsearch{/etc/exim/.passwd}{$value}{*:*}}}}}}}{1}{0}}"
>  server_set_id = $1

>


also, didn't auth_advertise_hosts already take care of
server_advertise_condition? I do not use either so I might be wrong.

>
> Please tell me if you see anything else set wrong as well. Or if
> you know a better way to set it (Authentication) up.



g