I want to use my exim4 mail server for local delivery from anonymous senders to my local domains, and to relay to everyone only for authenticated users. Is it possible?
1 Answer
My approach is the following:
First we have to define TLS encryption. No auth allowed without TLS.
    tls_certificate = /usr/local/etc/exim/exim.crt
    tls_privatekey = /usr/local/etc/exim/exim.key
    tls_advertise_hosts = *
    tls_on_connect_ports = 587 : 465
    auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
Then we have to define the auth mechanism. I prefer to use the same userdb that dovecot uses. Keep in mind you need dovecot-auth to be compiled into exim. You can add more auth schemes if you want.
    begin authenticators
    plain:
      driver = dovecot
      public_name = PLAIN
      server_socket = /var/run/dovecot/auth-client
      server_set_id = $auth1
      server_condition = ${if !eq{$tls_cipher}{}}
    login:
      driver = dovecot
      public_name = LOGIN
      server_socket = /var/run/dovecot/auth-client
      server_set_id = $auth2
      server_condition = ${if !eq{$tls_cipher}{}}
Now we can filter out incoming messages
    acl_rcpt:
      # we accept everything from auth'ed hosts
      accept authenticated = *
      # we accept everything from our trusted hosts/networks
      accept hosts = : +relay_from_hosts
      # all the rest should be addressed to the domains we serve
      require domains = +relay_to_domains : +local_domains
. . . . .

Kondybas
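
A check for the advertisement policy in the answer above (AUTH hidden until TLS is up, PLAIN and LOGIN offered afterwards), added here as an example and not part of the original answer. The function names, the example.org host and the sample EHLO replies are constructed for illustration; `fetch_replies` assumes a STARTTLS port such as 25, not the `tls_on_connect_ports` listed in the config.

```python
import re
import smtplib

def parse_ehlo(reply: str) -> dict:
    """Map each ESMTP keyword in an EHLO reply to its list of parameters.
    Accepts wire format ("250-AUTH PLAIN") or smtplib's stripped form."""
    ext = {}
    for line in reply.splitlines()[1:]:          # line 1 is the greeting
        words = re.sub(r"^250[- ]", "", line).replace("=", " ").split()
        if words:
            ext[words[0].upper()] = [w.upper() for w in words[1:]]
    return ext

def audit(clear_reply: str, tls_reply: str, expected=("PLAIN", "LOGIN")) -> list:
    """Return findings; an empty list means the advertisement matches the policy."""
    clear, tls = parse_ehlo(clear_reply), parse_ehlo(tls_reply)
    findings = []
    if "AUTH" in clear:
        findings.append("AUTH advertised before TLS: " + " ".join(clear["AUTH"]))
    if "STARTTLS" not in clear:
        findings.append("STARTTLS not offered on the cleartext port")
    missing = [m for m in expected if m not in tls.get("AUTH", [])]
    if missing:
        findings.append("not advertised after TLS: " + " ".join(missing))
    return findings

def fetch_replies(host: str, port: int = 25, timeout: float = 10.0):
    """Collect both EHLO replies from a server you operate (STARTTLS port)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        _, before = s.ehlo()
        s.starttls()      # smtplib's default context; only capabilities are read
        _, after = s.ehlo()
    return before.decode(), after.decode()

# Constructed sample replies (not captured from a real server).
CLEAR_OK = "250-mail.example.org Hello\n250-PIPELINING\n250-STARTTLS\n250 HELP"
TLS_OK = "250-mail.example.org Hello\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 HELP"
CLEAR_BAD = "250-mail.example.org Hello\n250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"

if __name__ == "__main__":
    print(audit(CLEAR_OK, TLS_OK))
    print(audit(CLEAR_BAD, TLS_OK))
```

Against a live server, pass the two strings returned by `fetch_replies` to `audit`.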