* on the Thu, Jan 02, 2014 at 11:29:22AM +0100, Marco Gaiarin wrote:
> I'm doing some exercise with exim (4.80-7, debian wheezy) enabling SSMTP
> (port 465) and authentication.
> Final objective is to open port 465 to all the net, protecting it with some
> stuff like fail2ban.
>
> With my first experiment, seems that exim reject lately the email (even
> without auth), simply does not route them (relay denied).
>
> There's some way to insert, very early, an ACL that simply reject email if
> unauthenticated, and only for port 465 (port 25 used only for internal
> traffic)?
>
>
> I've tried to find on the net something about that but probably i'm missing
> some keyword...
In your "acl_smtp_mail" section:
deny condition = ${if !eq{$received_port}{25}}
!authenticated = *
message = Port $received_port requires authentication
--
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4