Hello, On Mon, Feb 19, 2007 at 06:10:33PM +0100, Peter Velan wrote: > am 19.02.2007 16:45 schrieb David Woodhouse: > > On Mon, 2007-02-19 at 15:06 +0100, Peter Velan wrote: > >> all users which are allowed to send via our MTA must authenticate first. > >> > >> Could I block any non-authenticated senders (forging envelope from like > >> "[EMAIL PROTECTED]") with the following construction? > >> > >> ... > >> acl_smtp_rcpt = acl_check_rcpt > >> ... > >> begin acl > >> acl_check_rcpt: > >> ... > >> accept authenticated = * > >> > >> deny !authenticated = * > >> senders = [EMAIL PROTECTED]:[EMAIL PROTECTED] > >> ... > >> > >> Should I be aware of any side effects? > > > > You'll be rejecting any mail which is forwarded to one of your users, > > but which also originated from one of your users. > > How that? If one of my users is forwarding with his mailclient than he > must authenticate before.
If the forwarding server is not your server, the sender will receive a bounce mail. In more detail: - your user sends a mail using SMTP AUTH via your mail server to an external address - the mail server responsible for this domain forwards the mail to some recipients including the original sender - your mail server in turn rejects the forwarded mail because it was not sent via SMTP AUTH - your user will receive an error mail from the forwarding mail server I would stongly recommend not to implement this kind of blocking. -- Gruss / Best regards | LF.net GmbH | fon +49 711 90074-411 Matthias Waffenschmidt | Ruppmannstr. 27 | fax +49 711 90074-33 [EMAIL PROTECTED] | D-70565 Stuttgart | http://www.lf.net -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
