[Pkg-exim4-users] authenticated ACL
Andreas Metzler
ametzler at downhill.at.eu.org
Sat Oct 29 09:10:30 UTC 2005
On 2005-10-28 Richard Doyle <rdoyle at islandnetworks.com> wrote:
> In the check recipient ACL of the stock Debian configuration
> (30_exim4-config_check_rcpt), the test for authentication of the
> incoming SMTP connection (accept authenticated = *) is run next to last,
> right before the final "deny message = relay not permitted" stanza in
> the ACL. Why does the authentication test run so late in the ACL?
Hello,
I cannot remember, I guess it simply grew.
> In particular, I use the DNSBL check, which runs earlier in the
> check_rcpt ACL, as a blocklist. Because the authentication test runs
> later, incoming mail from an authenticated SMTP connection will be
> blocked if the sender is listed in the DNSBL blacklist.
> Will I break anything if I move the test for SMTP authentication to the
> beginning of the ACL?
I think moving it to the beginning of the ACL is no good idea, there
is a number of checks where special-casing of relayed messages does not
make sense, e.g.
- accepting undeliverable mail.
- accepting blacklisted from. (e.g. viruses)
etc.
I'd suggest moving accept authenticated = * after
.ifdef CHECK_RCPT_REVERSE_DNS
...
.endif
Thoughts?
BTW, I wonder whether we should add
control = submission/sender_retain
to the 'accept authenticated = *' statement.[1]
cu andreas
[1] I do not know by heart whether
accept
authenticated = *
control = submission/sender_retain
would work or whether we would need two statements instead.
warn
authenticated = *
control = submission/sender_retain
accept
authenticated = *
--
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken. (c) Jasper Ffforde
More information about the Pkg-exim4-users
mailing list