On Fri, 25 Aug 2006 05:03:38 +0800 W B Hacker <[EMAIL PROTECTED]> wrote:
<<Snip>> > The 'unique' manner of managing configuration is Debian-specific. > > The problem is general: > > - IF/AS/WHEN an MTA acts as a client to another MTA in MSA mode, *and* it > arrives on port 25, authentication is not ordinarily expected for traffic > destined TO the user-community on that server. It is seen as a 'distant' > correspondent - one of 'brazillions' who may have legitmate traffic for that > user community. > > - However, IF/AS/WHEN said 'foreign' MTA attempts to submit traffic for OTHER > THAN users 'local' to the target host, it would ordinarily be treated as an > unauthorized relay attempt, and denied. > > In order to be permitted to transit traffic to destinations NOT local to a > given > host, one or both of two tests must ordinarily be satisfied: > > - The host attempting to submit must be recognized (by IP, matching pem > certs, > etc.) as an authorized relay source BY the intermediate host. Not bloody > likely > for an ISP host you do not control! > > - The host attempting to submit must 'authenticate' with a UID:PWD valid on > the > intermediate host. This is exactly what your MUA ordinarily has to do when > submitting 'outbound' traffic, and may or may not be acceptable on port 25. > Port 587, with TLS, is a likely alternative. > > Accordingly, the 'short answer' seems to be that for the intermediate > 'smarthost' in question, you will have to configure Exim to behave much as > your > MUA would do, i.e. use the expected port and protocol (TLS on 587?), and > supply > BOTH a UID and Password valid for that host. > > IF said host allows you to send mail when traveling and attached via some > other > ISP's link, i.e with the correct UID:PWD, but a random source IP, then all > should be well. If NOT, then said host may *also* be allowing submission only > from valid UID:PWD who are also attached via its own 'backside' IP pool. Some > ISP do that, as it virtually guarantees that they can identify a rule > violator > by their own MAC address logs and session timestamps. > > You can test this environment with your MUA to see if that is so. > > Applying the appropriate settings to cause Exim to meet the ISP smarthost > submission needs for authentication UID:PWD, unfortunately, IS > Debian-specific > your case. > > HTH, > > Bill Thanks for the detailed explanation. The smarthost in question is the Gmail SMTP server, which is available to anyone with a Gmail account, with no restrictions on the client's network segment location. As I mentioned, I have no problems with other MTAs (Sylpheed's built-in one, ssmtp) over the same link, so I suppose I must have made some Debian configuration mistake. Anyway, I reinstalled and reconfigured (once again :) ) exim and this time I seem to have gotten it right. Thanks again for your help. Celejar -- ssuds.sourceforge.net - Home of Ssuds and Ssudg, a Simple Sudoku Solver and Generator -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
