Re: [exim] Some LDA questions

Author: Фадеев Виталий Львович
Date:  
To: Todd Lyons
CC: exim-users
Subject: Re: [exim] Some LDA questions
This post was very helpful to me: http://forums.jaguarpc.com/dedicated-servers/17391-exim-customization.html


Friday, 14 February 2014, 7:31 -08:00 from Todd Lyons <tlyons@???>:
>On Fri, Feb 14, 2014 at 7:05 AM, Фадеев Виталий Львович < fvl@??? > wrote:
>>
>> Some questions still need to be resolved.
>> I have 4 IPs for 4 domains. That is needed for TLS.
>> So how can I configure Exim so that it does the following:
>> In header Received: from xxx.net ([11.22.33.44] helo=[192.168.1.77]) by host.aaa.com with esmtpsa (TLS1.0:ECDHE_RSA_AES_128_CBC_SHA1:128) I need to replace "by host.aaa.com" with the host from the domain of the sent mail, not the primary hostname of the server.
>
>First let me say that I think this is a bad idea.
>
>I suspect you mean "the mail server for the domain name of the recipient email".
>
># exim -bP | grep received
>received_header_text = Received: ${if and
>{{def:sender_rcvhost}{!def:authenticated_id}}{from
>$sender_rcvhost\n\t}{${if def:sender_ident {from
>${quote_local_part:$sender_ident} }{${if def:authenticated_id {from
>${quote_local_part:$authenticated_id} }}}}${if def:sender_helo_name
>{(helo=$sender_helo_name)\n\t}}}}by $primary_hostname ${if
>def:received_protocol {with $received_protocol}} ${if def:tls_cipher
>{($tls_cipher)\n\t}}(Exim $version_number)\n\t${if def:sender_address
>{(envelope-from <$sender_address>)\n\t}}id $message_exim_id${if
>def:received_for {\n\tfor $received_for}}
>
>You would want to redefine this setting, specifically changing the basic:
>  by $primary_hostname
>
>...to something that does a lookup and puts the value in:
>  ${if def:authenticated_id{by YOUR_HOSTNAME_LOOKUP}{by $primary_hostname}}
>
>Why is this a bad idea? IMHO:
>1) What happens if the recipient is <>, as in a bounce message? The
>YOUR_HOSTNAME_LOOKUP specifically needs to allow for this special
>case.
>2) SMTP is (can be) efficient. What happens when another server
>realizes that email from two different domains goes to the same IP and
>tries to deliver two different messages, one from each domain, in the
>same connection? The TLS negotiation has already been performed with
>the first domain's certificate.
>3) This is a layer of complexity that makes it harder to troubleshoot
>issues. I'm not saying it's impossible, just that it's much harder.
>4) Generally when you try to mask who you really are, it makes you
>look shady and not legitimate, ESPECIALLY when people figure out that
>you're doing it.
>
>> How do I configure Exim to require the use of TLS for user authentication when sending mail?
>
>In one of the early ACLs, you check what encryption cipher is being
>used and deny the message if it's empty, as described in this Server
>Fault post:
>
>http://serverfault.com/questions/58392/how-can-i-configure-exim-to-drop-non-authenticated-connections-on-alternate-smtp
>
>...Todd
>--
>The total budget at all receivers for solving senders' problems is $0.
> If you want them to accept your mail and manage it the way you want,
>send it the way the spec says to. --John Levine
>
>--
>## List details at https://lists.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://wiki.exim.org/



--
Виталий Фадеев
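
Added example, not part of the original thread and not either poster's configuration: one way to implement the check Todd describes, refusing AUTH on a session that has no TLS cipher. It assumes TLS is already configured (tls_certificate, tls_advertise_hosts); the ACL name acl_check_auth is a hypothetical label, and $tls_cipher is the variable name used in this thread (later Exim releases call it $tls_in_cipher).

```exim
# --- main configuration section ---

# Only list AUTH in the EHLO response once the session is encrypted.
# On a cleartext session the expansion yields an empty host list,
# so well-behaved clients never see AUTH before STARTTLS.
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

# Run an ACL for every AUTH command (hypothetical ACL name).
acl_smtp_auth = acl_check_auth

# --- ACL section: merge into the existing "begin acl" part ---
begin acl

acl_check_auth:
  # "encrypted = *" is true whenever any TLS cipher was negotiated.
  accept  encrypted = *

  # A client that sends AUTH anyway on a cleartext session is refused
  # before any authenticator runs.
  deny    message   = STARTTLS is required before AUTH
```

The first setting only hides the mechanism list; the ACL is what enforces the rule against clients that send AUTH without waiting for it to be advertised. Refusing AUTH does not undo a password the client has already sent in the same command (AUTH PLAIN with an initial response), so the hidden advertisement is what keeps well-behaved clients from sending it.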