[Pkg-exim4-users] Force authentication check for every outgoing message.(Solved)
Michael González Medina
admin.red at sanidadvegetal.cu
Tue Feb 10 19:35:50 UTC 2015
On 05/02/15 16:10, Michael González Medina wrote:
> Hi all list members, I need some help on this topic:
>
> First of all, sorry for my bad English.
>
> I have Exim4 running on a Debian server. Everything is working fine, I mean
> that every user from my LAN, in order to send mail through my server,
> must provide a user and pass [using a MUA such as Thunderbird], but... a
> few days ago I was doing a telnet test to that server:
>
> -------------------------------------------------------------------
> michael at netadmin:~$ telnet my.mail.server.ip 25
> Trying my.mail.server.ip...
> Connected to my.mail.server.ip.
> Escape character is '^]'.
> 220 Servidor de correos del CNSV a su servicio...
> helo net
> 250 mydomain.cu Hello netadmin.local [192.168.0.43]
> mail from: <bio at mydomain.cu>
> 250 OK
> rcpt to: <admin.red at mydomain.cu>
> 250 Accepted
> data
> 354 Enter message, ending with "." on a line by itself
> testinggg66
> .
> 250 OK id=1YJT0E-0001IR-Lc
> ---------------------------------------------------------------------
>
> I know that accepting and sending mail without asking or checking for
> authentication is a security hole, so... I tested the same on another PC
> from my LAN and... the same result.
>
> So in order to solve this I need to force Exim authentication for
> every outgoing message [even via telnet sessions]; this is the portion
> that corresponds to the acl_check_rcpt in my exim4.conf file:
>
>
> ----------------------------------------------------------------------------------------------------------------------------------------------
>
> acl_smtp_rcpt = acl_check_rcpt
>
> acl_check_rcpt:
>
>   accept  authenticated = *
>           control = submission
>
>   accept  hosts = :
>           control = dkim_disable_verify
>
>   deny    message = Restricted characters in address
>           domains = +local_domains
>           local_parts = ^[.] : ^.*[@%!/|]
>
>   deny    message = Restricted characters in address
>           domains = !+local_domains
>           local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
>
>   accept  local_parts = postmaster
>           domains = +local_domains
>
>   require verify = sender
>
>   accept  hosts = +relay_from_hosts
>           control = submission
>           control = dkim_disable_verify
>
>   require message = relay not permitted
>           domains = +local_domains : +relay_to_domains
>
>   require verify = recipient
>
>   accept
> ----------------------------------------------------------------------------------------------------------------------------------------------
>
>
> thanks in advance,
>
Problem was solved by adding these lines in acl_check_rcpt:

  deny    message = Autentifiquese correctamente!!
          senders = /etc/exim4/filters/cu/todos
  accept  condition = ${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/var/passwd}{$value}{*:*}}}}}{1}{0}}

where /etc/exim4/filters/cu/todos is a file with, line by line, all the
addresses on my server, and /var/passwd is a file with, line by line, each
user (mail users) and crypted password,
and it works well ;-) ... perhaps there is another solution that is
easier or more trivial, but that was what I found (after a lot of hours reading)
--
Michael González Medina
Administrador de Red
Centro Nacional de Sanidad Vegetal
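
One way to audit for the condition the telnet test above exposed, as an added example that is not part of the original post: it scans Exim main-log arrival (`<=`) lines and reports SMTP arrivals that claim a local sender domain but have no `A=` authenticator field. The log lines are constructed samples, and the function name and the `mydomain.cu` domain list are assumptions.

```python
import re

# Constructed sample lines in Exim's default main-log format. The first one
# mirrors the telnet session in the post; the others are invented for contrast.
SAMPLE_LOG = """\
2015-02-10 19:30:01 1YJT0E-0001IR-Lc <= bio@mydomain.cu H=netadmin.local (net) [192.168.0.43] P=smtp S=312
2015-02-10 19:31:12 1YJT1A-0001Ja-2x <= ana@mydomain.cu H=(pc7) [192.168.0.51] P=esmtpa A=plain_server:ana S=1840
2015-02-10 19:32:40 1YJT2B-0001Kb-9q <= someone@example.org H=mx.example.org [203.0.113.9] P=esmtp S=2210
2015-02-10 19:33:05 1YJT3C-0001Lc-Qz <= root@mydomain.cu U=root P=local S=640
2015-02-10 19:34:18 1YJT4D-0001Md-7t => admin.red@mydomain.cu R=local_user T=maildir_home
2015-02-10 19:35:50 1YJT5E-0001Ne-Kp <= <> R=1YJT4D-0001Md-7t U=Debian-exim P=local S=1500
"""

# Arrival lines: "<date> <time> <msg-id> <= <envelope-sender> <fields...>"
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+)(?P<rest>.*)$")
CLIENT_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")
FIELD = re.compile(r" ([A-Za-z]+)=(\S+)")


def unauthenticated_local_senders(log_text, local_domains):
    """Return (msg_id, sender, client_ip) for every SMTP arrival that claims
    a sender in local_domains but has no A= (authenticator) field logged."""
    local = {d.lower() for d in local_domains}
    findings = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # delivery (=>), completion or other non-arrival line
        sender, rest = m["sender"], m["rest"]
        if "@" not in sender:
            continue  # bounce with empty envelope sender (<>)
        ip = CLIENT_IP.search(rest)
        if not ip:
            continue  # local submission (P=local): no remote client involved
        fields = dict(FIELD.findall(rest))
        if sender.rsplit("@", 1)[1].lower() in local and "A" not in fields:
            findings.append((m["id"], sender, ip.group(1)))
    return findings


if __name__ == "__main__":
    for msg_id, sender, ip in unauthenticated_local_senders(SAMPLE_LOG, ["mydomain.cu"]):
        print(f"{msg_id}: {sender} accepted from {ip} without SMTP AUTH")
```

On Debian the main log is normally /var/log/exim4/mainlog; pass its contents as `log_text` and the server's own domains as `local_domains`.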