Odhiambo Washington wrote:
> Hello Oliver,
> Thank you very much. Now, just to understand something a little bit
> more clearly, I have two last questions:
>
> 1. On your acl_check_rcpt_mua, shouldn't the "accept senders =
> :" come first or what is the logic of evaluation?
> 2. Suppose I want to enforce the condition that $authenticated_id} ==
> $sender_address, what is the most appropriate point?
>
>
The first of the four conditions is a deny to stop all SMTP connections
not authenticated to send anything.
The second is an accept to allow messages sent with an emtpy envelope
sender as it is done for automated replays like out-of-office stuff and
the like. This part is optional, but if you like to allow your users to
connect another mail server using your server as a smarthost to reach
the internet and allow them to use these kind of features, you need
that. I even think that Outlook uses empty sender envelopes for messages
confirming the reception of a mail to the sender and the like.
The third part is the "real work" part. It is only triggered for local
domains and if it is, it checks the sender address. This basically means
that the address must be a valid address on your system.
Last but not least, all that has not been accepted by one of the above
messages gets a deny.
So for the error message you have in your log file
(SMTP-SUBMISSION-SENDER-NOT-VALID) it looks like the sender address
can't be checked by your local exim. What is the output if you run the
sender address through recipient validation like this:
exim -bt user@???
This should, if I understand your intention correctly, generate a line like
user@???
router = localuser, transport = local_delivery
or something like that, depending your setup for local deliveries.
For the sender equal authentication id, you set the submission mode. I
suggest you add "control = submission" to the second accept, the one
with the verify = sender part in it. There are some options you can use
there, so please take a look at chapter 44 of the documentation.
Oliver
