Re: [exim] Blocking non-authenticated senders

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Matthias Waffenschmidt
Date:  
À: Peter Velan
CC: Exim Users Mailing List
Sujet: Re: [exim] Blocking non-authenticated senders
Hello,

On Mon, Feb 19, 2007 at 06:10:33PM +0100, Peter Velan wrote:
> am 19.02.2007 16:45 schrieb David Woodhouse:
> > On Mon, 2007-02-19 at 15:06 +0100, Peter Velan wrote:
> >> all users which are allowed to send via our MTA must authenticate first.
> >>
> >> Could I block any non-authenticated senders (forging envelope from like
> >> "*@ourdomain-#.tld") with the following construction?
> >>
> >> ...
> >> acl_smtp_rcpt = acl_check_rcpt
> >> ...
> >> begin acl
> >> acl_check_rcpt:
> >> ...
> >> accept authenticated = *
> >>
> >> deny    !authenticated = *
> >>         senders = *@*.ourdomain-1.tld:*@*.ourdomain-2.tld
> >> ...

> >>
> >> Should I be aware of any side effects?
> >
> > You'll be rejecting any mail which is forwarded to one of your users,
> > but which also originated from one of your users.
>
> How that? If one of my users is forwarding with his mailclient than he
> must authenticate before.


If the forwarding server is not your server, the sender will receive a
bounce mail.

In more detail:

- your user sends a mail using SMTP AUTH via your mail server to an
external address
- the mail server responsible for this domain forwards the mail to
some recipients including the original sender
- your mail server in turn rejects the forwarded mail because it was
not sent via SMTP AUTH
- your user will receive an error mail from the forwarding mail server

I would stongly recommend not to implement this kind of blocking.

-- 
Gruss / Best regards   |  LF.net GmbH        |  fon +49 711 90074-411
Matthias Waffenschmidt |  Ruppmannstr. 27    |  fax +49 711 90074-33
mw@???              |  D-70565 Stuttgart  |  http://www.lf.net