[Pkg-exim4-users] How to do mandatory SMTP AUTH plus exceptions

[Marc Haber]

On Mon, Apr 21, 2008 at 12:02:46PM +0200, vitko at post.cz wrote:
> I'm running exim4 on Debian (Etch) machine, so far I have virtual
> users in MySQL database and courier packages for SSL POP3 and IMAP
> access. Users are authenticated by courier authdemon. This is very
> easy to set up on Debian and there are great tutorial out there, too.
> 
> My problem is that I need to set up following:
> 
>  1) Mandatory SMTP AUTH + TLS for virtual users' MUAs (simply said: no
>  authentication, no delivery).

Not even a delivery to addresses hosted on the same machine? How are
messages coming in from the internet accepted?

>  2) As an exception to rule (1) to enable non authenticated plain SMTP
>  for _one_ specific host (ip address). That host (actually antispam
>  and antivir security appliance) will act as smarthost and will also
>  route incoming MTA traffic to my server (a kind of "bi-directional
>  smarthost").

If you can live with your users being able to mail themselves and each
other without authentication, you can simply set dc_relay_nets to the
address of the smarthost and you have all you need.

If you want authentication even for local mail, you need to change
your acl_check_rcpt. The following is untested, but I think that it is
enough to add after

  accept
    authenticated = *
    control = submission/sender_retain

a

  deny
    message = authentication required

so that the ACL reads

  accept
    authenticated = *
    control = submission/sender_retain

  deny
    message = authentication required

The rest of the ACL will thus never be looked at again.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190