On Sun, Jan 19, 2003 at 01:33:22PM +0100, Anand Buddhdev wrote:
> > I'm wondering how to configure courier to accept esmtp "relaying"
> > connections ONLY from those clients that login via SSL using their user id
> > and password. I've been studying the documentation in depth and can't find
> > any clear directions on how to do this.

OT: exim can implement the policy you require.

    acl_check_rcpt:
    ...
      # Allow relaying from AUTH users, but only if they have connected
      # using STARTTLS
      accept  authenticated = *
              encrypted = *

That will reject relaying with a 550 at RCPT time. Even better, you can
refuse the AUTH command itself, if the connection is not running under TLS
at the point when it is issued. Example:
http://www.exim.org/exim-html-4.10/doc/html/spec_37.html#SECT37.4

That doesn't mean you have to abandon Courier MTA though. You could set up a
separate server for outgoing relaying. In fact, it's an extremely good idea
to set up separate servers or server clusters for "outbound" and "inbound"
mail anyway.

Apart from increased scalability, you get the important advantage that if
one of your customers moves their MX records to a different provider without
telling you, mail relayed via your "outbound" cluster will still be
delivered correctly.

Regards,

Brian.
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
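
Added example (not part of the original message, and not Exim or Courier code): a Python check an administrator can run against their own relay to confirm the policy discussed in the message above, that AUTH is offered only once STARTTLS has been negotiated. The function names and the sample EHLO replies are constructed for illustration.

```python
import re
import smtplib

def extensions(ehlo_reply: str) -> dict:
    """Map each EHLO keyword to its parameters, e.g. {"AUTH": ["PLAIN", "LOGIN"]}."""
    exts = {}
    for line in ehlo_reply.splitlines():
        # Accept raw wire lines ("250-AUTH PLAIN") and smtplib's stripped form.
        # The old "AUTH=PLAIN LOGIN" spelling is folded into the same keyword.
        words = re.sub(r"^250[- ]", "", line.strip()).replace("=", " ").upper().split()
        if words:
            exts.setdefault(words[0], []).extend(words[1:])
    return exts

def audit(pre_tls: str, post_tls: str) -> list:
    """Return findings against the policy 'AUTH is offered only inside TLS'."""
    pre, post = extensions(pre_tls), extensions(post_tls)
    findings = []
    if "AUTH" in pre:
        mechs = " ".join(sorted(set(pre["AUTH"])))
        findings.append("AUTH offered before STARTTLS: " + mechs)
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    elif "AUTH" not in post:
        findings.append("AUTH not offered after STARTTLS")
    return findings

def probe(host: str, port: int = 25, timeout: float = 10.0):
    """Fetch the EHLO replies before and after STARTTLS (needs network access)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        pre = s.ehlo()[1].decode(errors="replace")
        if not s.has_extn("starttls"):
            return pre, ""
        s.starttls()
        post = s.ehlo()[1].decode(errors="replace")
        return pre, post

# Constructed sample replies (not captured from any real server).
GOOD_PRE = "250-mail.example.org Hello\n250-SIZE 52428800\n250-STARTTLS\n250 HELP"
GOOD_POST = "250-mail.example.org Hello\n250-SIZE 52428800\n250-AUTH PLAIN LOGIN\n250 HELP"
WEAK_PRE = "250-mail.example.org Hello\n250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"

if __name__ == "__main__":
    print(audit(GOOD_PRE, GOOD_POST))  # compliant server: no findings
    print(audit(WEAK_PRE, GOOD_POST))  # AUTH visible on the cleartext connection
```

For a live check, pass the result of `probe("your.relay.host")` to `audit(*...)`. This inspects what the server advertises; whether it also rejects an AUTH command sent before STARTTLS has to be confirmed separately.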