tower wrote:
Hi

I want to allow sending mail without authentication for single account.
I'm trying to not add another IP to relay_from_hosts, beacuse many
normal users send from that IP. How can I gently modify my acl.conf to
do that?


#************************************
acl_check_mail_submission:
#************************************
accept hosts = +relay_from_hosts
require message = Please turn on authentication in
your email client.
authenticated = *
deny message = Mailbox $authenticated_id is
disable. Please contact with number xx-xxxxxx
condition = ${if eq \
{0} \
{${lookup mysql {SELECT
active FROM mailbox \
WHERE
username='${quote_mysql:$authenticated_id}'} \
}} \
}
control = dkim_disable_verify
accept



Have you considered using the same IP, and/or an uncommon port and protocol for that one account?

Non-routable IPv6 if local, for example.

Even so, I'd want to use matching PEM certs.

You only have to configure the submitter to do SOME form of auth ONCE.

Opening the door to compromise OTOH, can lead to a great deal more work.

HTH,

Bill


--
韓家標

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to