On 10/13/2011 10:58 AM, W B Hacker wrote: > tower wrote:
>> Hi
>>
>> I want to allow sending mail without authentication for single account.
>> I'm trying to not add another IP to relay_from_hosts, beacuse many
>> normal users send from that IP. How can I gently modify my acl.conf to
>> do that?
>>
>>
>> #************************************
>> acl_check_mail_submission:
>> #************************************
>> accept hosts = +relay_from_hosts
>> require message = Please turn on authentication in
>> your email client.
>> authenticated = *
>> deny message = Mailbox $authenticated_id is
>> disable. Please contact with number xx-xxxxxx
>> condition = ${if eq \
>> {0} \
>> {${lookup mysql {SELECT
>> active FROM mailbox \
>> WHERE
>> username='${quote_mysql:$authenticated_id}'} \
>> }} \
>> }
>> control = dkim_disable_verify
>> accept
>>
>>
>
> Have you considered using the same IP, and/or an uncommon port and
> protocol for that one account?
>
> Non-routable IPv6 if local, for example.
>
> Even so, I'd want to use matching PEM certs.
>
> You only have to configure the submitter to do SOME form of auth ONCE.
>
> Opening the door to compromise OTOH, can lead to a great deal more work.
>
> HTH,
>
> Bill
>
> Unfortunately that account is configured on very old MFP, which is
sending emails only to port 25 and of course without authentication.
Can i use something like that:
#************************************
acl_check_mail_submission:
#************************************
accept hosts = +relay_from_hosts
*accept local_parts = dumbaccount
domains = example.com*
require message = Please turn on authentication in your email client.
authenticated = *
deny message = Mailbox $authenticated_id is disable. Please contact with
number xx-xxxxxx
condition = ${if eq {0} {${lookup mysql {SELECT active FROM mailbox
WHERE username='${quote_mysql:$authenticated_id}'}}}}
control = dkim_disable_verify
accept