Author: Jasen Betts
Date:
To: exim-users
Subject: Re: [exim] How to accept e-mail from a certain subnet even if AUTH Login credentials, are invalid?

On 2014-06-11, Shane Philip <shanep@???> wrote:
> Hi,
>
> First let me explain what I am trying to do as this may be the entirely
> wrong approach.
>
> I have EXIM server setup for e-mail for a domain and it supports all the
> usual stuff AUTH TLS etc. On the network we have three networks the
> internet itself, office network and guest network (10.10.100.0/24).
> Everything is working fine for the domain and office network. However on
> the guest network we can have various users where we have no control
> over their PCs as they are guests, they are also not the most technical
> people around so don't know the first thing about how their e-mail
> clients are setup. So basically I want EXIM to listen for connections
> from the 10.10.100.0/24 subnet and accept all attempts to relay the
> guest mail regardless of whether the sending client uses NO AUTH, or is
> set to AUTH, or is set to the TLS AUTH. This will only need to happen
> for traffic on port 25, and for mail connections from the guest network.
>
> I know you can turn off AUTH requirements for a subnet with
> auth_advertise_host, but what I am not sure of is... If a client is set
> to use AUTH and you don't advertise AUTH from the server...
>
> 1. Will the client still try to use AUTH, when it is not advertised?

That depends how they are configured. If you're using NAT to capture
any attempts to connect to port 25 from that subnet then yes, they may.

> 2. If the client does try to use AUTH will the exim server just ignore it
> and accept the e-mail anyway or will it error?
Probably it will error and then accept the email anyway.
It may be possible to abuse the plaintext auth driver to make fake
authenticators that do no checks and always return success. I have
not looked at how it functions.
The normal login and plain authenticators can have the condition set to
something that always succeeds.
> 3. Will this work if the client also uses TLS?
>
They will have to accept the certificate but other than that it will
be the same as no-tls.
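
One way to write the always-succeeding condition mentioned in the reply, limited to the guest subnet and port 25 from the question. This is an added example, not configuration from the thread; the macro names, the `guest-unverified` id and the stand-in credential checks are assumptions.

```exim
# Added example, not from the thread. Macro names are assumptions.

# Main section. True only for connections from the guest subnet named in
# the question that arrive on local port 25.
GUEST_BYPASS = and{ {match_ip{$sender_host_address}{10.10.100.0/24}} {eq{$received_port}{25}} }

# Constructed stand-ins for the site's existing credential tests.
# Replace these with the real lookup already used for office/Internet users.
REAL_PLAIN = and{ {eq{$auth2}{exampleuser}} {eq{$auth3}{examplesecret}} }
REAL_LOGIN = and{ {eq{$auth1}{exampleuser}} {eq{$auth2}{examplesecret}} }

begin authenticators

# PLAIN: $auth1 = authorization id, $auth2 = user, $auth3 = password.
plain_server:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # Guests on port 25 succeed with any credentials; everyone else must
  # pass the real check.
  server_condition = ${if or{ {GUEST_BYPASS} {REAL_PLAIN} }{yes}{no}}
  # Log guests under a fixed id so unverified names never look verified.
  server_set_id = ${if GUEST_BYPASS {guest-unverified}{$auth2}}

# LOGIN: $auth1 = user, $auth2 = password.
login_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  server_condition = ${if or{ {GUEST_BYPASS} {REAL_LOGIN} }{yes}{no}}
  server_set_id = ${if GUEST_BYPASS {guest-unverified}{$auth1}}
```

A guest session that passes this way still sets `$authenticated_id`, so any ACL statement using `authenticated = *` will treat it as an authenticated sender. Whether guest mail is relayed remains a decision for the RCPT ACL.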