On 08/05/2020 13:03, Damon Hill via Exim-users wrote:
> My server, say SERVER A, hosts e-mail for coolstore.com domain, but the
> web is hosted by SERVER B (which uses several servers for mailing). I
> need to exclude from Exim SMTP auth checking in Server A:
> smtp1.serverb.com, smtp2.serverb.com, mai...@serverb.com and
> *.serverb2.com.
>
> The problem is that when the web application (hosted by ServerB) tries
> to send an (unauthenticated) email from se...@coolstore.com to
> ow...@coolstore.com it fails with message: '550 smtp auth requried (in
> reply to RCPT TO command)'
>
> I've got the ACL:
>
> deny message = smtp auth requried
>      sender_domains = +local_domains
>      !authenticated = *
>
> but I cannot make it exclude these domains from the checking.
>
> I tried adding this to ACLs:
>
> accept condition =
> ${lookup{\$sender_address}nwildlsearch{/etc/exim/senders-whitelist.
> conf}{yes}}

First, that would be relying on info trivially spoofable by an attacker.
You are only gaining security-by-obscurity. Better to be testing
something hard to spoof. The IP(s) or (not quite so good, but more
flexible) names of hosts you trust would be better.

Second: ACL verbs in an ACL are processed in sequence; the order matters.
Within each verb the conditions and actions are processed in sequence,
too ("message" tends to be confusing. I recommend you place it last,
for clarity).

You could make this deny verb not act for the messages you want to
trust (due to their source).
--
Cheers,
  Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
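
One way to write the configuration the reply describes, as an added example that is not part of the original thread or of either poster's configuration. The hostlist name `trusted_web_relays`, the ACL name `acl_check_rcpt` and the 192.0.2.x addresses are assumptions (the addresses are constructed placeholders); the host names are the ones given in the question.

```exim
# Main configuration section.
# Hosts allowed to submit mail with a local sender domain without SMTP AUTH.
# IP addresses (placeholders here) are the hardest item to spoof.
# Host names are more flexible, but they are resolved through DNS,
# so the match is only as trustworthy as the DNS answers involved.
hostlist trusted_web_relays = 192.0.2.10 : 192.0.2.11 : \
                              smtp1.serverb.com : smtp2.serverb.com : \
                              *.serverb2.com

begin acl

# ACL run for each RCPT TO command (assumed to be the one named by
# acl_smtp_rcpt in the main section).
acl_check_rcpt:

  # Conditions are evaluated top to bottom and the verb acts only if
  # every one of them is true. The added "!hosts" line makes the deny
  # not apply to connections from the trusted relays, so no separate
  # "accept" keyed on the (spoofable) sender address is needed.
  # "message" is placed last, as recommended in the reply.
  deny  sender_domains = +local_domains
        !authenticated = *
        !hosts         = +trusted_web_relays
        message        = smtp auth required

  # ... remaining verbs of the RCPT ACL follow unchanged ...
```

Because verbs are processed in sequence, this deny has to stay ahead of any later verb that would accept mail for local recipients.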