Re: [exim] Setup Authentication to pass regardless of whethe…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Ian Eiloart
日付:  
To: Andrew D, Dave Evans, Exim Users List
題目: Re: [exim] Setup Authentication to pass regardless of whetherthe auth info is correct or not


--On 13 November 2010 04:05:58 +1030 Andrew D <awd-exim@???> wrote:

> Hi Dave,
>
> On 13/11/2010 3:47 AM, Dave Evans wrote:
>> On Sat, Nov 13, 2010 at 03:00:31AM +1030, Andrew D wrote:
>>> Hi All,
>>>
>>> I need to set up a mail server that is able to allow users to relay
>>> regardless of whether the authentication information valid or not.
>>
>> Do you mean you want authentication to succeed regardless of whether or
>> not the info is valid? "server_condition = 1" would be a start. It's a
>> rather unusual requirement though and I do wonder why you might have
>> such a need.
>>
>
> Its a Largish backpackers hostel, that have issues with infected
> machines sending out SPAM, which the port redirection solves, with
> scanning and rate limiting. However they have an issue where people have
> auth setup for their 'normal' mail server, but due to the port
> redirection to the hostel internal server, they fail Auth. So doing
> this the hostels clients can send email without changing any setting on
> their machines, and the hostel has virus and SPAM scanning on email on
> the way out.


This is what port 587 is for <http://www.ietf.org/rfc/rfc5068.txt>. Most
mail clients use 587 these days. You won't be intercepting port 587, will
you?

Perhaps a better approach would be to redirect outbound port 25 to port 587
on the same IP address. Or to use an SMTP proxy.

Certificate verification failure should prevent your mechanism from
working, shouldn't it? Or will the hostel tell people, "it's OK, the
certificate doesn't match because we're reading your email"?

>
>
>> Or perhaps you mean that clients should be allowed to send mail
>> regardless of whether or not they have successfully authenticated? In
>> which case, look to your ACLs, for a condition mentioning
>> "authenticated".
>>
>
> Thanks for your help.
> Cheers
> cya
> Andrew
>
>>> This server is on an internal network and are using a firewall to
>>> transparently redirect connections going out on port 25.
>>
>> Not sure what you mean by that, and therefore not sure if it's relevant
>> to my answer.
>>
>>
>
>
> --
> Awdcomp computing services.
> Mobile: 0405 086 212
> Web:    www.awdcomp.net
> Email:  awd@???




--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/