On Wed, 4 Oct 2023, Mario Emmenlauer via Exim-users wrote:


I have a dedicated server running exim. It works great, except I
can not get a smarthost setup to work in combination with sender
verification.

On the server, I have sender verification enabled, as a means to
reduce spam. It generally works well. The ACLs are just the ones
from Debian/Ubuntu:

/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt:
 deny
   !acl = acl_local_deny_exceptions
   !verify = sender
   message = Sender verification failed

/etc/exim4/conf.d/acl/40_exim4-config_check_data:
 deny
   !acl = acl_local_deny_exceptions
   !verify = header_sender
   message = No verifiable sender address in message headers


Now I would like to configure this server as a smarthost, so it will
forward emails from my desktop computers (without static IP or DNS).
Also, I'd like to have unique mailnames for each desktop, like
<hostname>.mydomain.org, to better identify where the mail originated
from. But these domains do not really exist, they would be "fake"
mailnames to identify the various desktop computers.

Now, the server rejects all such emails because sender verification
failed. I can see that this is sensible. But it is not what I want.
I wanted sender verification only for non-authenticated users. The
spam protection is (for me) not relevant for authenticated users.
They are assumed to be trustworthy.

I'm not sure if what I'm trying is possible and sensible. Am I
completely on the wrong track here? Is there a better way to
achieve something similar?

I don't really understand what you are trying to do with
sender verify here and I agree with others that you do not
want to put the desktop's name into the email address.

*If* the desktops can support RFC1413, setting the
        rfc1413_hosts
option to include them would be worth considering.
This would allow the smarthost to record (header and/or logfile IIRC)
the hostname *and user* that originated the email.
I have not used this for a long time, but IIRC you could force
the sender address to match the rfc1413 user response.

Windows does not natively support RFC1413. Worse, I think that there
is nothing to stop an ordinary Windows user from running a spoofing rfc1413 service.

--
Andrew C. Aitchison                      Kendal, UK
                   and...@aitchison.me.uk
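
Added example, not part of either message above: one way to express "verify the sender only for non-authenticated clients" in the two Debian ACL fragments quoted in the question, using Exim's `authenticated` ACL condition, followed by the `rfc1413_hosts` option mentioned in the reply. The address range 192.0.2.0/24 and the 5s timeout are constructed placeholders, and working SMTP AUTH on the smarthost is assumed.

```exim
# /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
# Before (as quoted in the question): every envelope sender is verified,
# so <hostname>.mydomain.org senders from the desktops are rejected.
#   deny
#     !acl = acl_local_deny_exceptions
#     !verify = sender
#     message = Sender verification failed
#
# After: the deny applies only when the client has NOT authenticated.
# Conditions are evaluated in order, so an authenticated session stops
# at the first line and the sender check is never attempted.
  deny
    !authenticated = *
    !acl = acl_local_deny_exceptions
    !verify = sender
    message = Sender verification failed

# /etc/exim4/conf.d/acl/40_exim4-config_check_data
# Same exemption for the header sender check at DATA time.
  deny
    !authenticated = *
    !acl = acl_local_deny_exceptions
    !verify = header_sender
    message = No verifiable sender address in message headers

# Main configuration section: RFC 1413 (ident) lookups as suggested in
# the reply. The host list is a constructed placeholder. The response
# is available as $sender_ident; it is supplied by the client machine
# and is not authenticated, so treat it as a log annotation only.
rfc1413_hosts = 192.0.2.0/24
rfc1413_query_timeout = 5s
```

With this exemption any authenticated account can submit mail with any sender address, so the AUTH credentials become the only control on what the smarthost relays under your domain.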
