Re: [exim] Drop all traffic unless authenticated users OR sp…

Top Page
Delete this message
Reply to this message
Author: Oliver von Bueren
Date:  
To: exim-users
Subject: Re: [exim] Drop all traffic unless authenticated users OR specific IP ?
Hi

You don't have to rely on the authenticated_id variable, which you
probably set on a successful authentication.
You can use the condition "!authenticated = *".
This is what I have as the first statement for my submission port rcpt acl:

  # MUA must authenticate
  deny    message        = Authentication is required to send messages
          !authenticated = *


By adding the hostlist to this, that should work. If not, try an "exim
-bh myip1" to test the outcome of the condition as well as an
authenticated session. This way, you simulate the SMTP session and at
the same time see what exim thinks of it.

If you have to compute the LOGIN/PLAIN auth string, you can use this
small perl script smtp-auth.pl:
---
#!/usr/bin/perl -w
#
# Usage: smtp-auth.pl <user> <pass>

use strict;
use MIME::Base64;

my $unenc = join ("\000", @ARGV);

print "AUTH LOGIN " . encode_base64("$unenc", '') . "\n";
print "AUTH PLAIN " . encode_base64("\000$unenc", '') . "\n";
---

       Oliver




Bleurgh wrote:
> Hi,
>
> I posted this question on the exim users list but only received one reply
> which wasnt helpful. I hope someone can help me!
>
> All I want to do is drop all smtp connections unless it is from an
> authenticated user or it comes from a host I specify in a list.
>
> Someone provided me with this acl....
>
> drop !condition = ${if def:authenticated_id{yes}{no}}
> !hostlist = myip1 : myip2 : myip3
>
> But it doesnt seem to do anything.
>
> Can anyone help ?