On Wed, 4 Oct 2023, Mario Emmenlauer via Exim-users wrote:
>
> I have a dedicated server running exim. It works great, except I
> can not get a smarthost setup to work in combination with sender
> verification.
>
> On the server, I have sender verification enabled, as a means to
> reduce spam. It generally works well. The ACLs are just the ones
> from Debian/Ubuntu:
>
> /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt:
>   deny
>     !acl = acl_local_deny_exceptions
>     !verify = sender
>     message = Sender verification failed
>
> /etc/exim4/conf.d/acl/40_exim4-config_check_data:
>   deny
>     !acl = acl_local_deny_exceptions
>     !verify = header_sender
>     message = No verifiable sender address in message headers
>
>
> Now I would like to configure this server as a smarthost, so it will
> forward emails from my desktop computers (without static IP or DNS).
> Also, I'd like to have unique mailnames for each desktop, like
> <hostname>.mydomain.org, to better identify where the mail originated
> from. But these domains do not really exist, they would be "fake"
> mailnames to identify the various desktop computers.
>
> Now, the server rejects all such emails because sender verification
> failed. I can see that this is sensible. But it is not what I want.
> I wanted sender verification only for non-authenticated users. The
> spam protection is (for me) not relevant for authenticated users.
> They are assumed to be trustworthy.
>
> I'm not sure if what I'm trying is possible and sensible. Am I
> completely on the wrong track here? Is there a better way to
> achieve something similar?

I don't really understand what you are trying to do with
sender verify here and I agree with others that you do not
want to put the desktop's name into the email address.

*If* the desktops can support RFC1413, setting the rfc1413_hosts
option to include them would be worth considering.
This would allow the smarthost to record (header and/or logfile IIRC)
the hostname *and user* that originated the email.
I have not used this for a long time, but IIRC you could force
the sender address to match the rfc1413 user response.

Windows does not natively support RFC1413. Worse, I think that there
is nothing to stop an ordinary Windows user from running a spoofing
rfc1413 service.

--
Andrew C. Aitchison Kendal, UK
andrew@???
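
An added configuration sketch, not part of either message and not the posters' own configuration: it shows the two ideas from this thread in Exim ACL syntax, namely skipping sender verification for authenticated clients and tying the envelope sender to the RFC 1413 ident response. The hostlist name `ident_hosts`, the 192.0.2.0/24 network and the 5s timeout are constructed assumptions.

```exim
# --- main configuration section ---
# Constructed example network for the desktops that run an ident service.
hostlist ident_hosts = 192.0.2.0/24

# Query ident only for those hosts. The timeout must be non-zero,
# otherwise no RFC 1413 callback is made at all.
rfc1413_hosts = +ident_hosts
rfc1413_query_timeout = 5s

# --- RCPT ACL (the stanza quoted above, with one added condition) ---
# Sender verification now applies only to unauthenticated connections.
deny
  !authenticated = *
  !acl = acl_local_deny_exceptions
  !verify = sender
  message = Sender verification failed

# For ident-enabled hosts, require the envelope local part to equal the
# user name returned by the client's ident service. $sender_ident is
# empty when the query fails or times out, so such mail is refused too.
# The ident answer is only as trustworthy as the host that gives it.
deny
  hosts = +ident_hosts
  condition = ${if !eq{$sender_ident}{$sender_address_local_part}}
  message = Sender local part does not match ident response

# --- DATA ACL (the stanza quoted above, with one added condition) ---
deny
  !authenticated = *
  !acl = acl_local_deny_exceptions
  !verify = header_sender
  message = No verifiable sender address in message headers
```

Running `exim -bh` with an address from the ident network simulates an SMTP session against these ACLs without delivering mail, which is a quick way to confirm which stanza fires.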