[Pkg-exim4-users] Force authentication check for every outgoing message.

Michael González Medina admin.red at sanidadvegetal.cu
Thu Feb 5 21:10:05 UTC 2015 

Hi all list members, I need some help on this topic:

  First off all sorry for my bad English.

I Have Exim4 running on a Debian Server. Every is working fine, I mean 
that, every user from my LAN in order to send mail throught my server 
must provide a user and pass[using a MUA such as Thunderbird], but.. a 
few days ago I was doing a telnet testing to that server:

-------------------------------------------------------------------
michael at netadmin:~$ telnet my.mail.server.ip 25
Trying my.mail.server.ip...
Connected to my.mail.server.ip.
Escape character is '^]'.
220 Servidor de correos del CNSV a su servicio...
helo net
250 mydomain.cu Hello netadmin.local [192.168.0.43]
mail from: <bio at mydomain.cu>
250 OK
rcpt to: <admin.red at mydomain.cu>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
testinggg66
.
250 OK id=1YJT0E-0001IR-Lc
---------------------------------------------------------------------

I know that accept and send mail without  ask or check for 
authentication is a security hole, so... I test the same on other PC 
from my LAN and........... the same result.

So in order to solve this I need to force Exim authentication for every 
outgoing message[even via telnet session's], this is the portion that 
correspond to the acl_check_rcpt in my exim4.conf file:


----------------------------------------------------------------------------------------------------------------------------------------------
acl_smtp_rcpt = acl_check_rcpt

acl_check_rcpt:

  accept  authenticated = *
          control       = submission

accept  hosts = :
           control = dkim_disable_verify

  deny    message       = Restricted characters in address
           domains       = +local_domains
           local_parts   = ^[.] : ^.*[@%!/|]

deny    message       = Restricted characters in address
           domains       = !+local_domains
           local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

accept  local_parts   = postmaster
           domains       = +local_domains

require verify        = sender

   accept  hosts         = +relay_from_hosts
           control       = submission
           control       = dkim_disable_verify

  require message = relay not permitted
           domains = +local_domains : +relay_to_domains

require verify = recipient

accept
----------------------------------------------------------------------------------------------------------------------------------------------

thank's in advance,

-- 
Michael González Medina
Administrador de Red
Centro Nacional de Sanidad Vegetal

More information about the Pkg-exim4-users mailing list