Re: [exim] How to accept e-mail from a certain subnet even i…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Heiko Schlittermann
Data:  
Para: exim-users
Asunto: Re: [exim] How to accept e-mail from a certain subnet even if AUTH Login credentials, are invalid?
Shane Philip <shanep@???> (Mi 11 Jun 2014 02:06:16 CEST):

> people around so don't know the first thing about how there e-mail
> clients are setup. So basically I want EXIM to listen for connections
> from the 10.10.100.0/24 subnet and accept all attempts to relay the
> guest mail regardless of whether the sending client uses NO AUTH, or is
> set to AUTH, or is set to the TLS AUTH. This will only need to happen
> for traffic on port 25, and for mail connections from the guest network.


"attempt to relay" means, the client has some idea about a relay host.

A totally stupid, unconfigured client probably would use DNS MX lookups
and send the mail directly.


If the client knows about a relay host, you can just allow the TCP
connections, That's nothing Exim has to deal with.

Or you can intercept the connections (using address translation) and ask
your Exim to simulate the behaviour of the relay host. (But why should
you do this?)

Or you can be the relay host the clients know, but this needs
configuration on the client side too.


I understand that you want to intercept the traffic and simulate the
relay host.

> 1. Will the client still try to use AUTH, when it is not advertised?


I'd not rely on some specian behaviour. (Exim as a client won't issue
AUTH if the server doesn't advertise AUTH, but I can't speak for the
various MUAs around.)

> 2. If the client does try to use AUTH will the exim server jut ignore it
> and accept the e-mail anyway or will it error?


Exim wants the authentication to succeed. If the server_condition fails,
the connection closes.

There are authenticators that do not use the server_condition
in the first place, but iff server_condition exists, they use it as a
secondary check.

> 3. Will this work if the client also uses TLS?


Yes, but if the client tries to verify the server certificate, you're
lost.

> Finally am I on the right track for making this work, or do I need to
> look to advertise AUTH and then just accept any credentials sent, as
> long as the connection originates from the guest network. If this is the
> approach how would I make exim accept any user password combination?


    login:
        driver = plain
        …
        server_condition = true


But of course a bit more complex, to include the source IP network.
$sender_host_address should contain the IP of the connecting client.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: 7CBF764A -
 gnupg fingerprint: 9288 F17D BBF9 9625 5ABC  285C 26A9 687E 7CBF 764A -
(gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B)-