[Pkg-exim4-users] authenticated ACL
Marc Haber
mh+pkg-exim4-users at zugschlus.de
Tue Nov 1 15:46:19 UTC 2005
On Mon, Oct 31, 2005 at 11:43:56AM +0000, Tony Finch wrote:
> Marc Haber <mh+pkg-exim4-users at zugschlus.de> wrote:
> >Tony's configuration from cambridge does sender verification after
> >accepting authenticated senders, so that authenticators senders
> >receive a bounce to their inbox instead of having the message rejected
> >(and the SMTP error message probably hidden from them by their
> >"user-friendly" MUA). I am not sure whether we should go with Tony's
> >idea which surely is appropriate for the University.
>
> Er, that's a rather mangled description.
I apologize for misreading.
> The default Exim configuration now does something like the following,
> which is about right for a server which can act both as an MX and as an
> outgoing relay.
>
> accept local_parts = postmaster
> domains = +local_domains
>
> require verify = sender
>
> accept hosts = +relay_from_hosts
> accept authenticated = *
>
> # anti-spam checks
>
> require verify = recipient
>
> accept domains = +local_domains
> accept domains = +relay_to_domains
>
> deny message = relay not permitted
That will keep relayed messages from being subject to the anti-spam
checks, which might be desireable, or not, depending on the setup and
structure of the relay_from_hosts. Generally, not relaying for
knowingly compromised hosts would be a good idea, IMO.
Oh, btw, would it be possible to publish ppswitch's configuration in a
greppable form? The PDF of your excellent paper is rather clumsy to
handle in cases like this when it needs to serve as external reference.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
More information about the Pkg-exim4-users
mailing list