[exim] exim3 vs exim4 configs

Top Page
Delete this message
Reply to this message
Author: jake_stone
Date:  
To: exim-users
Subject: [exim] exim3 vs exim4 configs
>> As you can see this is a spammers dream, I must be missing something,

>Why is this a spammers dream? It does not allow unauthenticated hosts
>to send mail to arbitrary addresses, only to local ones.


    I see this as a problem because anyone from anywhere can "pretend" to be
me, as the from address
and send to any user at any local domain without being required to
authenticate with a password
in thier mail client and the message gets delivered.


    Am I missing something?


    In reading
http://www.exim.org/viewvc/exim/exim-doc/doc-txt/Exim4.upgrade?revision=1.1&view=markup


**The auth_hosts option has been abolished; this functionality is now
controlled by ACLs.

**. The auth_always_advertise option has been abolished because it depended
on
  auth_hosts and and host_auth_accept_relay, both of which are no more. In
its
  place there is a new option called auth_advertise_hosts, whose default
value
  is *, meaning "advertise AUTH to all".
    Hmm, any reason "host_auth_accept_relay" option would not do what is
needed to plug the hole in SMTP ?
    The next question is what ACL option does the same thing? ie; no smtp
without password?