On Wednesday 29 August 2007 16:56, Matt wrote:
> I am running Directadmin email/web server that uses Exim.
>
> In my exim.conf I have this.
>
> domainlist local_domains = lsearch;/etc/virtual/domains
> domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
> hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : /etc/virtual/relay_ips : 127.0.0.1
> hostlist auth_relay_hosts = *
>
> and this:
>
> # to restrict port 587 to authenticated users only
> # see also daemon_smtp_ports above
> #accept hosts = +auth_relay_hosts
> # condition = ${if eq {$interface_port}{587} {yes}{no}}
> # endpass
> # message = relay not permitted, authentication required
> # authenticated = *

Where is that? It should be no earlier than the "MAIL FROM" ACL
(acl_smtp_mail).

> I want to restrict port 587 to authenticated users and trusted users.
> The pophosts file contains a dynamic list of IPs that have
> successfully pop3'd mail in the last 15 minutes. The relay_ips file
> contains a list of my subnets that belong to me. I want to allow all
> of these and users that utilize authenticated SMTP to use port 587 and
> no others on 587. Problem is that whenever I enable/uncomment this it
> only allows authenticated SMTP through. What do I need to change
> here?

Try this:

    known_users:
      accept hosts = +relay_hosts
      accept authenticated = *
      [...accepts for other kinds of users...]

    check_sender:
      accept condition = ${if eq {$interface_port}{587}}
             endpass
             message = Only authorised users may use the submission port.
             acl = known_users

Without "endpass", which is semi-deprecated (not "best practice"), the
check_sender ACL can be written as

    check_sender:
      accept condition = ${if eq {$interface_port}{587}}
             acl = known_users
      deny   message = Only authorised users may use the submission port.
             condition = ${if eq {$interface_port}{587}}

or if you want to allow submission on port 25, delete the first condition.

I find a sub-ACL very useful here.

By the way, have you considered dropping POP-before-SMTP support? Many ISPs
and web hotels have done that since it's less reliable than SMTP AUTH, which
nearly all mail clients support nowadays.
--
Magnus Holmgren holmgren@???
(No Cc of list mail needed, thanks)
"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
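
The ACL logic discussed in this message, modelled in Python as an added example (not part of the original post and not Exim's own code). It evaluates accept/deny statements with Exim's fall-through, endpass and implicit-deny rules, so the quoted statement and the suggested check_sender can be compared per connection. Assumptions: the 192.0.2.0/24 subnet is a constructed stand-in for relay_ips, and a trailing unconditional accept stands in for the rest of each ACL.

```python
import ipaddress

# Constructed stand-in for +relay_hosts (pophosts, relay_ips, 127.0.0.1).
RELAY_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "192.0.2.0/24")]
ENDPASS = object()  # marker for the 'endpass' modifier

# Condition predicates over a connection dict: {"ip", "port", "auth"}.
def port587(c): return c["port"] == 587
def relay_host(c): return any(ipaddress.ip_address(c["ip"]) in n for n in RELAY_NETS)
def authed(c): return c["auth"]
def any_host(c): return True  # hostlist auth_relay_hosts = *

def sub_acl(name):
    # 'acl = name' condition: true only if the nested ACL accepts.
    return lambda c: evaluate(ACLS[name], c) == "accept"

def evaluate(acl, c):
    """Return 'accept' or 'deny' for connection c (defer is not modelled)."""
    for verb, conds in acl:
        after_endpass, ok = False, True
        for cond in conds:
            if cond is ENDPASS:
                after_endpass = True
            elif not cond(c):
                ok = False
                break
        if ok:
            return verb        # every condition matched: the verb takes effect
        if verb == "accept" and after_endpass:
            return "deny"      # a failure after endpass turns accept into deny
        # any other failure: fall through to the next statement
    return "deny"              # implicit deny at the end of an ACL

ACLS = {
    "known_users": [("accept", [relay_host]), ("accept", [authed])],
    # The quoted statement, uncommented; trailing accept is an assumption.
    "original": [("accept", [any_host, port587, ENDPASS, authed]),
                 ("accept", [])],
    # The version without endpass; trailing accept is an assumption.
    "check_sender": [("accept", [port587, sub_acl("known_users")]),
                     ("deny", [port587]),
                     ("accept", [])],
}

def decide(acl_name, ip, port, auth=False):
    return evaluate(ACLS[acl_name], {"ip": ip, "port": port, "auth": auth})
```

With the quoted statement an unauthenticated host in the trusted subnet is denied on port 587, because the failing `authenticated = *` comes after `endpass`; with check_sender the same host is accepted through known_users.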