This post was very helpful to me: http://forums.jaguarpc.com/dedicated-servers/17391-exim-customization.html
Friday, 14 February 2014, 7:31 -08:00 from Todd Lyons <[email protected]>:
> On Fri, Feb 14, 2014 at 7:05 AM, Фадеев Виталий Львович < [email protected] > wrote:
>>
>> Some questions still need to be resolved.
>> I have 4 IPs for 4 domains. That is needed for TLS.
>> So how can I configure exim so that it does the following:
>> In the header Received: from xxx.net ([11.22.33.44] helo=[192.168.1.77]) by
>> host.aaa.com with esmtpsa (TLS1.0:ECDHE_RSA_AES_128_CBC_SHA1:128) I need to
>> replace "by host.aaa.com" with the host from the domain of the sent mail, not
>> the primary hostname of the server.
>
> First let me say that I think this is a bad idea.
>
> I suspect you mean "the mail server for the domain name of the recipient
> email".
>
> # exim -bP | grep received
> received_header_text = Received: ${if and
> {{def:sender_rcvhost}{!def:authenticated_id}}{from
> $sender_rcvhost\n\t}{${if def:sender_ident {from
> ${quote_local_part:$sender_ident} }{${if def:authenticated_id {from
> ${quote_local_part:$authenticated_id} }}}}${if def:sender_helo_name
> {(helo=$sender_helo_name)\n\t}}}}by $primary_hostname ${if
> def:received_protocol {with $received_protocol}} ${if def:tls_cipher
> {($tls_cipher)\n\t}}(Exim $version_number)\n\t${if def:sender_address
> {(envelope-from <$sender_address>)\n\t}}id $message_exim_id${if
> def:received_for {\n\tfor $received_for}}
>
> You would want to redefine this setting, specifically changing the basic:
>   by $primary_hostname
>
> ...to something that does a lookup and puts the value in:
>   ${if def:authenticated_id{by YOUR_HOSTNAME_LOOKUP}{by $primary_hostname}}
>
> Why is this a bad idea? IMHO:
> 1) What happens if the recipient is <>, as in a bounce message? The
> YOUR_HOSTNAME_LOOKUP specifically needs to allow for this special
> case.
> 2) SMTP is (can be) efficient. What happens when another server
> realizes that email from two different domains goes to the same IP and
> tries to deliver two different messages, one from each domain, in the
> same connection? The TLS negotiation has already been performed with
> the first domain's certificate.
> 3) This is a layer of complexity that makes it harder to troubleshoot
> issues. I'm not saying it's impossible, just that it's much harder.
> 4) Generally when you try to mask who you really are, it makes you
> look shady and not legitimate, ESPECIALLY when people figure out that
> you're doing it.
>
>> How to configure EXIM to require the use of TLS for user authentication
>> when sending mail?
>
> In one of the early ACLs, you check what encryption cipher is being
> used and deny the message if it's empty, as described in this Server
> Fault post:
>
> http://serverfault.com/questions/58392/how-can-i-configure-exim-to-drop-non-authenticated-connections-on-alternate-smtp
>
> ...Todd
> --
> The total budget at all receivers for solving senders' problems is $0.
> If you want them to accept your mail and manage it the way you want,
> send it the way the spec says to. --John Levine
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

--
Виталий Фадеев
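
One way to enforce the TLS-before-AUTH requirement asked about in this thread, shown as an added configuration example that is not taken from either poster or from the linked Server Fault answer. It assumes TLS is already working on the server (certificate and key configured); the ACL name acl_check_auth and the rejection text are made up for the example, and $tls_cipher is used because that is the variable name appearing in the thread.

```exim
# ---- main configuration section ----

# Offer STARTTLS to every connecting host.
tls_advertise_hosts = *

# Only advertise AUTH once the session is encrypted: the expansion yields
# an empty host list while $tls_cipher is empty, and "*" after STARTTLS.
# Well-behaved clients therefore never see AUTH on a cleartext session.
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

# Run an ACL whenever a client issues the AUTH command, so that clients
# which send AUTH without it having been advertised are refused as well.
acl_smtp_auth = acl_check_auth

# ---- ACL section (place under the existing "begin acl" line) ----

acl_check_auth:
  # Refuse the AUTH command on any connection that is not TLS-protected.
  deny    message    = STARTTLS is required before AUTH
          !encrypted = *

  # Encrypted session: let the authenticator handle the credentials.
  accept
```

After reloading, `exim -bP auth_advertise_hosts acl_smtp_auth` shows whether both settings were picked up, and an EHLO on a cleartext session should no longer list AUTH.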
