Author: Marco Wessel Date: To: exim-users Subject: Re: [exim] authentication
On Mar 26, 2007, at 6:49 PM, Michael Rouba wrote:
> The client authentication is by the net it comes from.
> The user authentication is by the username:password combination
Ok. Bit of a strange way of naming, but I see where you're going with
this. There usually isn't really a distinction between a client and
its user.
>
> in the first case i can send mail via a client from a relay allowed
> net, but without giving any login.
> in the second case i can send mail via any client from any net, but
> only, if the user who sends, exists on the system and authenticates
> via login.
Sounds regular.
> well, maybe i misunderstood something. I removed the asterisk, as
> you told me to do, and checked, if the authenticators at the end of
> the exim4.conf.template are without any comments #.
I'll assume for a bit that you aren't an ISP with an entire subnet
under your control. That means you can't authenticate clients by
their IP-address. You need authentication for that, which the user
provides.
The point of dc_relay_nets (and the exim relay_from_hosts list it
maps to) is that any IP-address on it may use the server for relaying
e-mail to anywhere. So if you have clients with static IP-addresses,
or have a subnet (or multiple) under your control, define those there
and then clients from IP-addresses on the list will be able to use
your server for relaying without authentication.
Setting that as an asterisk means you allow anyone on the internet to
relay, which is a Very Bad Idea, and will get you blocked just about
anywhere.
> But then the system tells me "relay not permitted", when i try to
> send over a client with a dynamic ip-address.
For clients with dynamic addresses that are in subnets out of your
control (and thus not listed in dc_relay_nets), you /must/ use
authentication. Exim by default allows authenticated clients to use
the server for relaying.
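
The relay rule described in this message, as an added example that is not part of the original thread and is not Exim's own code: a simplified Python model of the decision (host on the relay list, else authenticated, else "relay not permitted") plus an audit that flags entries matching every host. Function names and sample networks are constructed for illustration; only `*` and IP/CIDR entries are modelled, and the semicolon-separated form of dc_relay_nets is assumed.

```python
import ipaddress

def parse_relay_nets(value):
    # Assumption: dc_relay_nets is a semicolon-separated list.
    return [e.strip() for e in value.split(";") if e.strip()]

def to_network(entry):
    # Only IP/CIDR entries are modelled; hostnames and other patterns give None.
    try:
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None

def matches_everyone(entry):
    # "*" or a zero-length prefix (0.0.0.0/0, ::/0) covers the whole internet.
    net = to_network(entry)
    return entry == "*" or (net is not None and net.prefixlen == 0)

def host_in_relay_nets(client_ip, entries):
    addr = ipaddress.ip_address(client_ip)
    for entry in entries:
        net = to_network(entry)
        if entry == "*":
            return True
        if net is not None and net.version == addr.version and addr in net:
            return True
    return False

def relay_decision(client_ip, authenticated, dc_relay_nets):
    # Hosts on the relay list may relay without logging in;
    # everyone else must authenticate.
    entries = parse_relay_nets(dc_relay_nets)
    if host_in_relay_nets(client_ip, entries):
        return "accept: host in relay nets"
    if authenticated:
        return "accept: authenticated"
    return "deny: relay not permitted"

def audit(dc_relay_nets):
    # Return the entries that would turn the server into an open relay.
    return [e for e in parse_relay_nets(dc_relay_nets) if matches_everyone(e)]

if __name__ == "__main__":
    nets = "192.0.2.0/24 ; 10.0.0.0/8"  # constructed sample value
    for ip, authed in [("192.0.2.10", False), ("203.0.113.5", False), ("203.0.113.5", True)]:
        print(ip, authed, relay_decision(ip, authed, nets))
    print("open entries:", audit("*"))
```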