[Pkg-exim4-users] authenticated ACL

Marc Haber mh+pkg-exim4-users at zugschlus.de
Tue Nov 1 15:46:19 UTC 2005

On Mon, Oct 31, 2005 at 11:43:56AM +0000, Tony Finch wrote:
> Marc Haber <mh+pkg-exim4-users at zugschlus.de> wrote:
> >Tony's configuration from Cambridge does sender verification after
> >accepting authenticated senders, so that authenticated senders
> >receive a bounce to their inbox instead of having the message rejected
> >(and the SMTP error message probably hidden from them by their
> >"user-friendly" MUA). I am not sure whether we should go with Tony's
> >idea which surely is appropriate for the University.
> Er, that's a rather mangled description.

I apologize for misreading. 

> The default Exim configuration now does something like the following,
> which is about right for a server which can act both as an MX and as an
> outgoing relay.
>   accept  local_parts   = postmaster
>           domains       = +local_domains
>   require verify        = sender
>   accept  hosts         = +relay_from_hosts
>   accept  authenticated = *
>   # anti-spam checks
>   require verify        = recipient
>   accept  domains       = +local_domains
>   accept  domains       = +relay_to_domains
>   deny    message       = relay not permitted

That will keep relayed messages from being subject to the anti-spam
checks, which might be desirable, or not, depending on the setup and
structure of the relay_from_hosts. Generally, not relaying for
knowingly compromised hosts would be a good idea, IMO.

Oh, btw, would it be possible to publish ppswitch's configuration in a
greppable form? The PDF of your excellent paper is rather clumsy to
handle in cases like this when it needs to serve as an external reference.
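
Added example, not part of the original message and not Exim code: a small Python model of the quoted ACL's first-match evaluation, showing which RCPTs are accepted before the anti-spam checks are reached. The fact names, the `rcpt()` helper, the `REORDERED` variant and the modelling of the anti-spam line as a single deny are assumptions made for illustration.

```python
# Simplified model of the quoted RCPT ACL: statements run top to bottom and
# the first one that reaches a verdict ends processing.
SPAM = "anti-spam checks"  # stand-in for the "# anti-spam checks" comment

ACL = [  # (verb, label, condition over a dict of facts about one RCPT)
    ("accept",  "postmaster",          lambda m: m["rcpt_postmaster"] and m["rcpt_local"]),
    ("require", "verify sender",       lambda m: m["sender_ok"]),
    ("accept",  "relay_from_hosts",    lambda m: m["relay_host"]),
    ("accept",  "authenticated",       lambda m: m["authenticated"]),
    ("deny",    SPAM,                  lambda m: m["spammy"]),  # assumed: deny on a hit
    ("require", "verify recipient",    lambda m: m["rcpt_ok"]),
    ("accept",  "local_domains",       lambda m: m["rcpt_local"]),
    ("accept",  "relay_to_domains",    lambda m: m["rcpt_relay_to"]),
    ("deny",    "relay not permitted", lambda m: True),
]
# Hypothetical variant: the anti-spam checks moved above the two relay accepts.
REORDERED = ACL[:2] + [ACL[4]] + ACL[2:4] + ACL[5:]

def rcpt(**facts):
    """Constructed sample RCPT: an unauthenticated outsider unless overridden."""
    base = dict(rcpt_postmaster=False, rcpt_local=False, rcpt_relay_to=False,
                sender_ok=True, relay_host=False, authenticated=False,
                spammy=False, rcpt_ok=True)
    return {**base, **facts}

def evaluate(acl, m):
    """Return (verdict, deciding statement, whether anti-spam checks ran)."""
    checked = False
    for verb, label, cond in acl:
        checked = checked or label == SPAM
        hit = cond(m)
        if verb in ("accept", "deny") and hit:
            return verb, label, checked
        if verb == "require" and not hit:
            return "deny", label, checked
    return "deny", "implicit deny", checked

if __name__ == "__main__":
    samples = {  # constructed cases
        "spam via relay host": rcpt(relay_host=True, spammy=True),
        "spam via AUTH":       rcpt(authenticated=True, spammy=True),
        "spam to local rcpt":  rcpt(rcpt_local=True, spammy=True),
        "AUTH, bad sender":    rcpt(authenticated=True, sender_ok=False),
    }
    for name, m in samples.items():
        print(f"{name:20} quoted={evaluate(ACL, m)} reordered={evaluate(REORDERED, m)}")
```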


