On 5 Jan 2006, at 08:36, Robert Cates wrote:

Giuliano Gavazzi wrote:


On 4 Jan 2006, at 08:18, Robert Cates wrote:
I'm using SpamAssassin 3.0.4 with my Exim 4.54 server, but SpamAssassin is checking and adding it's headers even with outgoing mail. My logic tells me that's not correct, but I don't know how to change this behaviour. Below is
[...]
does outgoing mail come only from authenticated sources?
If so, the answer is there.

Giuliano


OK, how can I know this for sure? I would like most, if not all, connections through TLS/SSL, and I have the following set in my config file:


Well, if you do accept for relay (in the RCPT acl) only messages coming from authenticated hosts (we are talking SMTP submission), then outgoing messages (excluding forwarded emails, but they are not coming from SMTP, in a way) will always satisfy

 authenticated = *

[Global section]
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
#auth_advertise_hosts = *
tls_advertise_hosts = *
tls_verify_certificates = /etc/exim/

^^^^^^^ useless, unless you verify clients (as defined in tls_verify_hosts)

tls_certificate = /etc/exim/exim.cert
tls_privatekey = /etc/exim/exim.key

[AUTHENTICATION section]
plain:
 driver = plaintext
 public_name = PLAIN
 server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
 server_condition = "\
   # $2 = Username | $3 = password

  ^^^^^ I do not like comments put in between \
        lines
        not one little bit!

   ${if and {{!eq{$2}{}}{!eq{$3}{}} \
   {crypteq{$3}{${extract{1}{:} \
   {${lookup{$2}lsearch{/etc/exim/.passwd}{$value}{*:*}}}}}}}{1}{0}}"

tooo many }}} for me to count (I use pam so I have less).
Are't you missing:

   server_prompts =  :


 server_set_id = $2

login:
 driver = plaintext
 public_name = LOGIN
 server_prompts = "Username:: : Password::"
 server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
 server_condition = "\
   # $1 = Username | $2 = password
   ${if and {{!eq{$1}{}}{!eq{$2}{}} \
   {crypteq{$2}{${extract{1}{:} \
   {${lookup{$1}lsearch{/etc/exim/.passwd}{$value}{*:*}}}}}}}{1}{0}}"
 server_set_id = $1


also, didn't auth_advertise_hosts already take care of server_advertise_condition? I do not use either so I might be wrong.


Please tell me if you see anything else set wrong as well. Or if you know a better way to set it (Authentication) up.


g

--
## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Reply via email to