On Mon, Oct 17, 2005 at 12:37:45PM +0200, Robert Cates said: > OK, thanks Tony, but in my folow-up message I noticed in my log 'P=esmtpsa', > when I send out per Courier IMAP(-SSL). I'm not sure what the differences > are. > > Next, I have 'relay_from_hosts = 127.0.0.1 : 192.168.1.0/24 : *.kormar.net : > *.kormar.de' defined. Should I change that to 'hostlist relay_from_hosts = > : @[] :'? Would that be better? > > As far as my ACLs, I only have: > acl_smtp_rcpt = acl_check_rcpt (the default, nothing changed) > acl_smtp_data = acl_check_data (setup for SpamAssassin) > acl_not_smtp = acl_check_data (setup for SpamAssassin) > > I would like to use: > #acl_smtp_auth = acl_check_auth > #acl_smtp_starttls = acl_check_auth > > #acl_check_auth: > > # accept hosts = +auth_relay_hosts > ## endpass > # require verify = sender > # accept authenticated = * > # deny domains = !+local_domains > # message = relay forbidden without authentication > > but I don't know how to set that up safely.
esmtp = client says EHLO instead of HELO esmtpa = client says EHLO and AUTH esmtps = client says EHLO and STARTTLS esmptsa = client says EHLO, AUTH and STARTTLS so, you want to look for esmtpsa in your logs. A simple accept authenticated = * at the top of your rcpt acl will do what you want, I think. Doing a sender verify and domain checks and so forth on authenticated connections will prevent some of them from being accepted, rather than accepting and bouncing later, which is what you want for dumb MUA submitted email. HTH, -- -------------------------------------------------------------------------- | Stephen Gran | People think love is an emotion. Love | | [EMAIL PROTECTED] | is good sense. -- Ken Kesey | | http://www.lobefin.net/~steve | | -------------------------------------------------------------------------- -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
