disable SMTP auth required

[mmancini]

ok, the last update doesn't allow pop before SMTP but requires SMTP authentication. I never ever want this (there's a good reason). So, I had to disable auto updates as the last update it again applied it even though it was removed with the previous update. Is there a way to ALWAYS have pop b4 SMTP and not change that method?

I have exchange servers that pop and relay through it (logging purposes) and don't want 1 SMTP authenticated account, rather have it by user but Exchange doesn't allow.

any other ideas?

 

[chirpy]

It would help to know what update you're talking about, since nothing is likely to affect changed to the eixm ACL section, which, AFAIK, is the only way to disable SMTP AUTH.

If you don't want POP before SMTP, then you need to untick both boxes for antirelayd in WHM > Service Manager

I don't understand why you'de want to disable SMTP AUTH, but if you want to, you'll have to edit the exim ACL's. You can do that in the Exim Configuration Editor and probably remove the following block from the ACL section:

  accept  hosts = +auth_relay_hosts
          endpass
          message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.
          authenticated = *

 

[mmancini]

disable SMTP

per previous thread, we want to disable SMTP authentication so EXchange servers can relay via each user and not 1 authenticated account so we can review logs in WHM to see who sent 1 email rather than all users on 1 server authenticating as 1 account.

2 weeks ago there was an update to Exim that changed my settings from pop b4 smtp to req auth. I made the change back and again this weekend it was changed again. So we disabled auto updates.

If updates to exim come in, with those settings be changed to req auth as happened this past weekend?

 

[chirpy]

So, presumably you edited exim.conf directly, which you should never do. If you make the changes in the Exim Configuration Editor, they should not be undone.

 

[mmancini]

thanks...

to be honest, I'm not sure what they did to correct it, exim or something else but I am going to do manual updates and test pop b4 smtp and correct.

BUt are updates cpanel and associated programs (Exim) going to not change that setting in the future?

 

[jamesbond]

It would help to know what update you're talking about, since nothing is likely to affect changed to the eixm ACL section, which, AFAIK, is the only way to disable SMTP AUTH.

If you don't want POP before SMTP, then you need to untick both boxes for antirelayd in WHM > Service Manager

I don't understand why you'de want to disable SMTP AUTH, but if you want to, you'll have to edit the exim ACL's. You can do that in the Exim Configuration Editor and probably remove the following block from the ACL section:

  accept  hosts = +auth_relay_hosts
          endpass
          message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.
          authenticated = *

I know this is not the exim mailing list, but I am trying to do the following:

Disable smtp for every domain on the server except for a few specific domains. How would I go about this?

By the way, I tried blocking the smtp port in CSF (allowing a few ip addresses), but this is not an option, since it causes issues with sender verify checks.

UPDATE:

If I understand it correctly 'auth_relay_hosts is set to * by default, so what I did is create a file 'exim_smtp_whitelist', where I can add IP's that need SMTP AUTH.

Then changed

accept  hosts = +auth_relay_hosts

into

accept  hosts = /etc/exim_smtp_whitelist

Which seems to work so far. Although what I would ideally like is to only allow certain domains or users instead of ip's