[exim] Re: Is sender verification possible on a server that …

Author: Andrew C Aitchison
Date:
To: Mario Emmenlauer
CC: exim-users
Subject: [exim] Re: Is sender verification possible on a server that is used as a smarthost?
On Wed, 4 Oct 2023, Mario Emmenlauer via Exim-users wrote:

>
> I have a dedicated server running exim. It works great, except I
> can not get a smarthost setup to work in combination with sender
> verification.
>
> On the server, I have sender verification enabled, as a means to
> reduce spam. It generally works well. The ACLs are just the ones
> from Debian/Ubuntu:
>
> /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt:
>  deny
>    !acl = acl_local_deny_exceptions
>    !verify = sender
>    message = Sender verification failed

>
> /etc/exim4/conf.d/acl/40_exim4-config_check_data:
>  deny
>    !acl = acl_local_deny_exceptions
>    !verify = header_sender
>    message = No verifiable sender address in message headers

>
>
> Now I would like to configure this server as a smarthost, so it will
> forward emails from my desktop computers (without static IP or DNS).
> Also, I'd like to have unique mailnames for each desktop, like
> <hostname>.mydomain.org, to better identify where the mail originated
> from. But these domains do not really exist, they would be "fake"
> mailnames to identify the various desktop computers.
>
> Now, the server rejects all such emails because sender verification
> failed. I can see that this is sensible. But it is not what I want.
> I wanted sender verification only for non-authenticated users. The
> spam protection is (for me) not relevant for authenticated users.
> They are assumed to be trustworthy.
>
> I'm not sure if what I'm trying is possible and sensible. Am I
> completely on the wrong track here? Is there a better way to
> achieve something similar?


I don't really understand what you are trying to do with
sender verify here and I agree with others that you do not
want to put the desktop's name into the email address.

*If* the desktops can support RFC1413, setting the
     rfc1413_hosts
option to include them would be worth considering.
This would allow the smarthost to record (header and/or logfile IIRC)
the hostname *and user* that originated the email.
I have not used this for a long time, but IIRC you could force
the sender address to match the rfc1413 user response.


Windows does not natively support RFC1413. Worse, I think that there
is nothing to stop an ordinary Windows user from running a spoofing
rfc1413 service.

-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew@???
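
What the `rfc1413_hosts` suggestion above could look like in an Exim configuration, as an added sketch that is not part of the original message or of the Debian configuration. The subnet is a constructed placeholder, and the ACL stanza is one assumed way of forcing the sender address to match the ident reply.

```exim
# Added example, not from the thread. The subnet and the ACL placement
# are assumptions; adapt them to the Debian split-config layout.

# --- main configuration section ---
# Only hosts in this list are sent an RFC 1413 query
# (192.168.10.0/24 is a constructed desktop subnet).
rfc1413_hosts = 192.168.10.0/24
# No ident queries are made at all while this timeout is 0s.
rfc1413_query_timeout = 5s

# --- RCPT ACL, placed before the "!verify = sender" deny ---
# The ident reply is available as $sender_ident. Reject mail from the
# desktops when the envelope local part differs from it (this also
# rejects when no ident reply was received, as $sender_ident is empty).
deny
  hosts       = 192.168.10.0/24
  condition   = ${if !eqi{$sender_ident}{$sender_address_local_part}}
  message     = Sender local part does not match ident response
  log_message = ident mismatch: ident=<$sender_ident> sender=<$sender_address>
```

The ident reply is only as trustworthy as the desktop that answers the query, so treat the check as identification for logging rather than as authentication.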

