Re: [exim] Add a whitelist for senders to skip auth check

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Sebastian Nielsen
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Add a whitelist for senders to skip auth check
You could do it like this (in RCPT acl):

accept
    senders = sells@???
    recipients = owner@???
deny    message       = smtp auth requried
            sender_domains = +local_domains
            !authenticated = *


-----Ursprungligt meddelande-----
Från: Damon Hill via Exim-users <exim-users@???>
Skickat: den 8 maj 2020 18:56
Till: Sebastian Nielsen <sebastian@???>; exim-users@???
Ämne: Re: [exim] Add a whitelist for senders to skip auth check

You mean to allow eg. [1]web@??? to send unauthenticated mail
from the web or [2]owner@??? to receive it?

How can I convert that to exim config?

On 8/5/20 10:35, Sebastian Nielsen via Exim-users wrote:

One way you could do it, is to allow unauthenticated email but only to
recipient [3]owner@??? which would make your server kind of
"single-adress relay" which could be acceptable.
And also check for senders, to avoid spam, then a spammer must spoof the
sender adress AND also send to your approved recipient adress.

-----Ursprungligt meddelande-----
Från: Damon Hill via Exim-users [4]<exim-users@???>
Skickat: den 8 maj 2020 14:13
Till: Exim Mailing List [5]<exim-users@???>
Ämne: [exim] Add a whitelist for senders to skip auth check

Hello,

I need to whitelist domains from a list (with wildcards) in Exim's ACL
to avoid auth SMTP checking for domains hosted in this server.

My server, say SERVER A, hosts e-mail for coolstore.com domain, but the
web is hosted by SERVER B (which uses several servers for mailing). I
need to exclude from Exim SMTP auth checking in Server A:
smtp1.serverb.com, smtp2.serverb.com, [6]mailer@??? and
*.serverb2.com.

The problems is that when the web application (hosted by ServerB) tries
to send an (unauthenticated) email from [7]sells@??? to
[8]owner@??? it fails with message: '550 smtp auth requried (in
reply to RCPT TO command)'

I've got the ACL:

    deny    message       = smtp auth requried
            sender_domains = +local_domains
            !authenticated = *


but i cannot make it exclude these domains from the checking.

I tried adding this to ACLs:

    accept  condition     =
${lookup{\$sender_address}nwildlsearch{/etc/exim/senders-whitelist.
conf}{yes}}


where /etc/exim/senders-whitelist.conf contains:

    smtp1.serverb.com
    smtp2.serverb.com
    [9]mailer@???
    *.serverb2.com


But it didn't work. What am I doing wrong?

Thank you in advance for your help!

References

1. mailto:web@coolstore.com
2. mailto:owner@coolstore.com
3. mailto:owner@coolstore.com
4. mailto:exim-users@exim.org
5. mailto:exim-users@exim.org
6. mailto:mailer@serverb.com
7. mailto:sells@coolstore.com
8. mailto:owner@coolstore.com
9. mailto:mailer@serverb.com
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/