[exim] Need to have different security settings / policy bas…

Top Page
Delete this message
Reply to this message
Author: Michael Lueck
Date:  
To: exim-users
Subject: [exim] Need to have different security settings / policy based on where SMTP connection is coming from, how?
Greetings,

I am working on getting Exim properly configured (configuration expanded) to securely host GNU Mailman on a server presently running Exim for localhost messages only.

The server is running Ubuntu 8.04-x64 and the official Ubuntu packages of all software concerned.

Currently Exim is able to accept messages from localhost without any authentication required. That serves admin monitoring purposes.

I followed these steps to add GNU Mailman to the server:

"Mailman"
https://help.ubuntu.com/8.04/serverguide/C/mailman.html

** So yes I switched over to the "dc_use_split_config='true'" configuration style. **

Mailman is going to be accessed for sending purposes ONLY by staff. Mailman subscribers may not post messages to the Mailman list.

I would like to configure that new hole into the server in a secure way, so wish to require TLS encryption. However I do not want to change the security settings of localhost accepting messages
without any authentication challenge. How may I configure that dual-mode security?

Currently Mailman does receive / distribute messages sent from the command line directly on the server.

Additionally, how is Internet inter-SMTP chatter handled? (Example: receiving bounce message replies from other Internet SMTP's) I would think that is a third configuration / connection profile, correct?

Sincerely,

--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/