--On 29 October 2010 05:12:21 +0000 W B Hacker <wbh@???> wrote:
>
> Michael Klimczak wrote:
>> Hi,
>>
>> sorry if this question has been asked before but I could not find a
>> suitable solution.
>>
>> Exim is set up to receive mail from users and forward them to another
>> smtp for delivery (smarthost setup). Authentication via sasl and TLS
>> encryption are working. From the basic setup I would have assumed that I
>> now should be able to send mail over the exim. However, this is only
>> working from within the local network.
>
>>
>> Am I missing a configuration step in exim to enable connections from
>> outside or is it likely that there is an external cause for these issues
>> (I am sure there is no conflict with the firewall). Currently,
>> connections from outside do not receive a rejection, they just time out.
>> So far, I've tried setting auth_advertise_hosts to * (but this should be
>> the default anyway).
>>
>> Any help would be appreciated,
>> micha
>>
>
> Exim doesn't know or care if it is inside or outside. Other parts of the
> environment may be less cooperative.

Well, it does if you tell it. For example, it's usual to define
local_domains, relay_from_hosts, and so on.

You should make sure that you're offering port 587 with TLS and
authentication. It might be convenient to do this on a different IP address
than your MX host. We use separate IP addresses, and separate
configurations.

Set an ACL to deny anything on port 587 that isn't authenticated.

For clients connecting on port 587, make sure there aren't any ACLs
preventing relaying. But, you might want to rate-limit relaying from
non-local IP addresses, to reduce the harm if user accounts are compromised.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see
http://www.sussex.ac.uk/its/help/
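
The steps suggested in the reply above, sketched as an Exim configuration fragment. This is an added example, not part of the original message or of the University of Sussex configuration; the network range, the rate-limit figure and the ACL name are assumptions chosen for illustration.

```exim
# Main section. TLS certificate/key and the authenticators are assumed to be
# configured already, as the original poster reports they work.
daemon_smtp_ports = 25 : 587
tls_advertise_hosts = *
# Only offer AUTH once the session is encrypted ($tls_cipher on Exim < 4.82)
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}

# Constructed sample values
domainlist local_domains = @
hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 192.0.2.0/24

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Port 587 is for submission only: refuse anything not authenticated
  deny    condition     = ${if eq{$received_port}{587}}
         !authenticated = *
          message       = Authentication required on port 587

  # Throttle authenticated senders connecting from non-local addresses,
  # keyed on the login name, to limit damage from a compromised account.
  # 100 recipients per hour is an illustrative figure.
  defer   authenticated = *
         !hosts         = +relay_from_hosts
          ratelimit     = 100 / 1h / per_rcpt / $authenticated_id
          message       = Sending rate exceeded, try again later

  # Authenticated clients may relay
  accept  authenticated = *
          control       = submission

  # Hosts on the local network may relay without authenticating (port 25)
  accept  hosts         = +relay_from_hosts

  # Everyone else: mail for local domains only
  accept  domains       = +local_domains
          verify        = recipient

  deny    message       = Relay not permitted
```

Because the original poster sees timeouts rather than rejections, none of these ACLs will be reached until the connection itself arrives; checking that Exim is actually listening on port 587 on the external interface comes first.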