Re: [exim] Multiple SMTP authenticators for the same mechani…

Góra strony
Delete this message
Reply to this message
Autor: Mike Tubby
Data:  
Dla: exim-users
Temat: Re: [exim] Multiple SMTP authenticators for the same mechanism?

How about having Exim listen on an additional TCP port and then use
different rules for that port? ... possibly no authentication at all?

You can firewall access to the port differently.

I have a system that works as a normal MTA on port 25, has user
submission on port 587 and bulk mail (low priority) on port 588:

#
# listen on ports:
#
#       25  => external SMTP in-bound
#       587 => external users and internal traffic out-bound with 
immediate delivery (high priority)
#       588 => bulk mail out-bound with queue-only (low priority)
#
daemon_smtp_port = 25:587:588



For my application I modify my handling in the check_rcpt ACL:

#
# accept anything submitted on MSA port 587
#
    accept  condition = ${if eq{$interface_port}{587}{1}{0}}


#
# accept anything submitted on MSA port 588 after setting queue only
#
    accept  condition = ${if eq{$interface_port}{588}{1}{0}}
            control = queue_only



You should be able to run your normal auth on port 25 and/or 587 and a
different auth or no auth at all on port 588


Mike




On 14/04/2016 19:35, Chris Siebenmann wrote:
> We have a piece of software that we want to run that can only send
> useful email through an authenticated SMTP connection, using a fixed
> login and fixed authentication information that you configure into it.
> Our normal SMTP authentication is against our Unix logins and their
> passwords using the Dovecot authentication driver. For obvious reasons,
> we would like to avoid having this software authenticate through an
> actual Unix login; instead we would like to give it a fake login with
> a password that can only be used for SMTP authentication (and then only
> from the one host that this software will run on).
>
> All of this leads me to ask: is it possible to have multiple SMTP
> authenticators configured for the same mechanism (the 'public_name')?
> The documentation on server_condition suggests that it's not, in that
> there's no documented 'skip this driver' return value.
>
> Beyond that, is it even valid to have two authentication drivers with
> the same public_name value, even if their server_advertise_condition
> will only cause one to be available for any particular connection (say
> if they are conditional based on the connecting ip)?
>
> Alternately, can people think of another clever way to solve this
> particular issue?
>
> (One potential option is to find a SMTP authentication mechanism that
> this software supports and we don't currently use, then set up a driver
> for it just for this host with hard-coded stuff. But at this point I'm
> not sure what authenticators the software supports, so I'm proceeding
> on the conservative assumption that it supports only PLAIN and LOGIN,
> both of which we already have general drivers for.)
>
>     - cks

>