Thank you!
It work as expected!
Some questions is still need to resolve.
I have 4 IP for 4 domains. Thats is need for TLS.
So how can I configure exim what would he do the following:
In header Received: from xxx.net ([11.22.33.44] helo=[192.168.1.77]) by host.aaa.com with esmtpsa (TLS1.0:ECDHE_RSA_AES_128_CBC_SHA1:128) i need to replace "by host.aaa.com" with host from domain of sended mail, not primary hostname of server.
How to configure EXIM to require use TLS for user authentication when sending mail ?
Thank you in advance for your help!
>On Wed, Feb 12, 2014 at 8:26 PM, Фадеев Виталий Львович < fvl@??? > wrote:
>> Hi there!
>> I have been setuped exim and dovecot.
>> Exim uses dovecot-lda to deliver mails to mailbox.
>>
>> All works, but in headers of example message:
>>
>> Return-path: <"vitalyf@???>
>
>The Return-Path header is generated from the Sender value. More on
>that in a bit...
>
>> Received: from xxx.net ([11.22.33.44] helo=[192.168.1.77])
>> by host.aaa.com with esmtpsa (TLS1.0:ECDHE_RSA_AES_128_CBC_SHA1:128)
>
>"esmtpsa" as reported by Exim literally means Extended SMTP Secure
>Authenticated. So that means you are using SMTP Auth, referred to in
>Exim as "submission" mode.
>
>> (envelope-from <"vitalyf@???>)
>> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
>
>This tells me that your MUA software (Thunderbird as indicated in the
>headers) identified itself as user vitalyf@???. Exim, in standard
>submission mode will append @hostname to that submitted username
>because in olden days, the user that was submitted was a bare
>username, not a full email address.
>
>> Sender: "vitalyf@???
>
>And this header is further evidence of this Sender value that is being
>generated by Exim.
>
>> I do not want to show host.aaa.com in headers. How can i disable this so headers looks like this:
>> Return-path: < vitalyf@??? > Which configuration i need to show you?
>
>You likely have this somewhere in your RCPT acl:
>
> accept authenticated = *
> control = submission
> control = dkim_disable_verify
> add_header = X-Authenticated-Sender: ${sender_address}
>
>My suggestion is that you change it to this:
>
> accept authenticated = *
> control = submission/sender_retain
> control = dkim_disable_verify
> add_header = X-Authenticated-Sender: ${sender_address}
>
>Why is this? The docs at
>http://www.exim.org/exim-html-current/doc/html/spec_html/ch-message_processing.html
>have this to say about it:
>
>"By default, submission mode forces the return path to the same
>address as is used to create the Sender: header. However, if
>sender_retain is specified, the return path is also left unchanged. "
>
>"Note: Whenever a Sender: header line is created, the return path for
>the message (the envelope sender address) is changed to be the same
>address, except in the case of submission mode when sender_retain is
>specified. "
>
>One last comment that I don't really like about this mode is a side effect:
>
>"Specifying sender_retain has the effect of setting
>local_sender_retain true and local_from_check false for the current
>incoming message. The first of these allows an existing Sender: header
>in the message to remain, and the second suppresses the check to
>ensure that From: matches the authenticated sender. With this setting,
>Exim still fixes up messages by adding Date: and Message-ID: header
>lines if they are missing, but makes no attempt to check sender
>authenticity in header lines. "
>
>Basically all of that chapter (Chapter 46) in the exim doc link above
>is worth reading as it provides a great amount of detail about
>submission mode and how exim treats messages differently from your
>standard transit processing (relaying mode, which includes local
>delivery).
>
>...Todd
>--
>The total budget at all receivers for solving senders' problems is $0.
> If you want them to accept your mail and manage it the way you want,
>send it the way the spec says to. --John Levine
>
>--
>## List details at https://lists.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://wiki.exim.org/
----------------------------------------------------------------------
--
Виталий Фадеев
