tower wrote:
HiI want to allow sending mail without authentication for single account. I'm trying to not add another IP to relay_from_hosts, beacuse many normal users send from that IP. How can I gently modify my acl.conf to do that? #************************************ acl_check_mail_submission: #************************************ accept hosts = +relay_from_hosts require message = Please turn on authentication in your email client. authenticated = * deny message = Mailbox $authenticated_id is disable. Please contact with number xx-xxxxxx condition = ${if eq \ {0} \ {${lookup mysql {SELECT active FROM mailbox \ WHERE username='${quote_mysql:$authenticated_id}'} \ }} \ } control = dkim_disable_verify accept
Have you considered using the same IP, and/or an uncommon port and protocol for that one account?
Non-routable IPv6 if local, for example. Even so, I'd want to use matching PEM certs. You only have to configure the submitter to do SOME form of auth ONCE. Opening the door to compromise OTOH, can lead to a great deal more work. HTH, Bill -- 韓家標 -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
