MrTheo wrote:
Hi,

I'm currently setting up a mail system on a Linux server that currently
hosts 3 domains. Every domain has its specific mail addresses, and all mail
users have a local user account with mail directories in their home dirs.

Everything is working fine as it is and people can send and receive mail
using SquirrelMail. But now I'm trying to get POP3 and SMTP from outside
working. POP3 is working now, but I'm having some problems getting the SMTP
to work the way I want. Right now relaying is off and no one is able to use
it from the outside. Turning relaying on for all domains allows people to
use my server for sending mails from any address they want, so that's not
the intention either.

What I want is that someone who wants to send a mail using the server's SMTP
services has to log in with server's user account, and that the address he
wants to send from 'belongs' to him, so to say. Right now Exim is set up to
use virtual host files to, for example, direct mail for [EMAIL PROTECTED]
to local user theo. So if theo wants to send a mail, he should log in with
his login information and only be allowed to send if he's trying to send
from [EMAIL PROTECTED]

Is it possible to set up Exim like this? And if so, how would I do that?

Thanks,
Theo
--
View this message in context: 
http://www.nabble.com/Exim-domain-and-login-checks-for-relay-t1455563.html#a3933829
Sent from the Exim Users forum at Nabble.com.



Suggest:

- activating the 'submission' port: 587

daemon_smtp_ports = 25 : 587

- making TLS both possible.....:

(You will need a cert, self-signed is OK, and may have a suitable one already if running your webmail on SSL/TLS.)

tls_certificate = /usr/local/etc/exim/certs/{cert name/number}
(or wherever Linux puts the equivalent...)

- ...available...:

tls_advertise_hosts = *

Optionally:

tls_remember_esmtp = yes

- ... and required for authentication:

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}


- Then requiring your users to set their MUA to use port 587, not port 25 to send.

 (25 is often intercepted by the connectivity ISP)

IF their upstream ISP is also 'capturing' 587, simply find a useable one they are not blocking, add it to 'daemon_smtp_ports', and configure for that.

- Suggest setting the MUA outbound server to 'TLS' (always), not 'TLS if available', and 'Require username and password'.

As a TLS 'tunnel' will be set up before PWD is transmitted, use of CRAM-MD5, etc. instead of PLAIN or LOGIN is optional.

- selecting and testing authenticators to ensure they work correctly with your UID:PWD tools, AND do not fall back to 'en clair' if you do not wish to permit that.

Several examples around - difference is usually where they get the UID:PWD and how/if they handle the usual OE/Outlook defects.

(mine are SQL, so no relevant examples handy...)

HTH,

Bill


--
## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
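
A check for the setup suggested in the reply above (STARTTLS on the submission port, AUTH advertised only once TLS is up via the auth_advertise_hosts condition), as an added example that is not part of the original thread. The function names, the example.org host names and the sample EHLO responses are constructed for illustration; probe() is meant for a server you administer.

```python
import re
import smtplib

def parse_ehlo(response):
    """Map each EHLO keyword to its parameters; the first line (greeting) is skipped."""
    exts = {}
    for line in response.splitlines()[1:]:
        text = re.sub(r"^\d{3}[- ]", "", line).strip()   # drop "250-" / "250 " if present
        words = re.split(r"[ =]+", text.upper())          # also handles legacy "AUTH=LOGIN"
        if words[0]:
            exts.setdefault(words[0], []).extend(words[1:])
    return exts

def audit(pre_tls, post_tls):
    """Return findings for a submission port that should offer AUTH only inside TLS."""
    before, after = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in before:
        findings.append("STARTTLS not advertised: check tls_advertise_hosts and tls_certificate")
    if "AUTH" in before:
        findings.append("AUTH offered before TLS (%s): check auth_advertise_hosts"
                        % " ".join(before["AUTH"]))
    if "AUTH" not in after:
        findings.append("AUTH not offered after STARTTLS: check the authenticators section")
    return findings

def probe(host, port=587, context=None, timeout=10):
    """Collect both EHLO responses from a server you administer (needs network access)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        pre = smtp.ehlo_resp.decode(errors="replace")
        if not smtp.has_extn("starttls"):
            return pre, ""
        smtp.starttls(context=context)   # pass an ssl.SSLContext to verify the certificate
        smtp.ehlo()
        return pre, smtp.ehlo_resp.decode(errors="replace")

# Constructed sample responses (not captured from a real server).
GREETING = "250-mail.example.org Hello client.example.net\n250-SIZE 52428800\n"
PRE_GOOD = GREETING + "250-STARTTLS\n250 HELP"
PRE_BAD = GREETING + "250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"
POST_TLS = GREETING + "250-AUTH PLAIN LOGIN\n250 HELP"

if __name__ == "__main__":
    for name, pre in (("good", PRE_GOOD), ("bad", PRE_BAD)):
        print(name, audit(pre, POST_TLS) or "OK")
```

Against a live server, `audit(*probe("mail.example.org"))` returns an empty list when the port behaves as described in the reply.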
