On 07/09/15 12:10, hw wrote: >> - support 25, 587, 465/ssl-on-connect > Port 25 is for the "normal" traffic, i. e. incoming messages from hosts > on the LAN > and from MTAs in the outside world. Optionally, TLS can be used on 25. > Should I relay imcoming messages from authenticated sources on port 25, > too?
It's up to you. Consider also if you need to auth any internal relay hosts, and how you define a user in those cases... >> - in rcpt acl, require auth for any nonlocal destination (relaying) >> >> ... and not support any by-IP implicit authentication at all. >> If forced, bundle with the "real" auth check. > > Hm. Require authentication (on port 25) after it has been determined > that the message > would not be delivered locally? Yup, but just authentication (port irrelevant) > > That could be useful. Currently, there is a check in place that denies > delivery to non-local > domains for all sender addresses which are not listed in a file. Of > course, someone could > cheat their way around that by specifying a sender address for which > relaying is allowed. That's ugly > If I could make it so that the sender address must match the email > address of the user who > has authenticated, nobody could cheat unless they somehow get username > and password > of a user for which relaying is allowed. You could, but what when person authenticating is legitimately sending mail for someone else (eg. a secretary)? What when a sender is using an alternate persona (eg. their Gmail account name as a sender-address)? > > How would I do this? Depends what strings you use as the auth "name". I use the entire account name, so it's a straight compare of the appropriate variables. > The LOGIN authenticator doesn't seem to be needed. All I'm seeing in > the log file > is that PLAIN is used. Perhaps I should disable the LOGIN one? Different MUAs use different plaintext variants. It costs little to leave it supported. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
