I think I have a solution for you, and then another question.
I'll preface this with a disclaimer: I'm new to exim, but I think I understand this process. If not, someone please correct me.
You can tell exim to not allow relaying except via SMTP authentication, by changing /etc/exim.conf.
The key lines are these:
host_accept_relay = +allow_address : lsearch;/etc/relayhosts : localhost
host_auth_accept_relay = *
The first, host_accept_relay, is where exim is told to allow un-authenticated relay from the addresses listed in /etc/relayhosts.
(Antirelayd is responsible for refreshing /etc/relayhosts periodically.)
The second, 'host_auth_accept_relay = *' says to allow anyone to relay, if they authenticate sending with a username and password.
Since you want to rely only on authenticated SMTP, you should be able to remove the 'lsearch; /etc/relayhosts' bit in host_accept_relay.
That way, no unauthenticated mail can be sent, except from localhost.
Now, my question: Is my understanding inaccurate? For a spammer to be successful in sending through your system, his unauthenticated SMTP request would have to originate from the same IP address that one of your legitimate users had checked POP mail on within the last 60 minutes.
If that's not true, then I'm concerned as well, and I'll test via another network, after ensuring that I disable my POP mail-checks beforehand.
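An added example, not part of the original post and not exim's own code: a small audit that lists which items of host_accept_relay grant unauthenticated relay and produces the line with the file lookup removed, as the post suggests. The sample config is constructed from the two lines quoted above, the function names are hypothetical, and each option is assumed to sit on a single line.

```python
import re

# Constructed sample: the two options quoted in the post, one setting per line.
SAMPLE_CONF = """\
host_accept_relay = +allow_address : lsearch;/etc/relayhosts : localhost
host_auth_accept_relay = *
"""

LOOPBACK = {"localhost", "127.0.0.1"}
LOOKUP = re.compile(r"^[a-z0-9*-]+;\s*(\S+)$")  # e.g. lsearch;/etc/relayhosts

def list_items(conf, option):
    """Items of a colon-separated list option (assumes the setting fits on one line)."""
    for line in conf.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == option:
            # A doubled colon is a literal colon inside an item: split on single ones only.
            parts = re.split(r"(?<!:):(?!:)", value)
            return [p.strip().replace("::", ":") for p in parts if p.strip()]
    return []

def classify(item):
    """Label one host_accept_relay item by how it grants unauthenticated relay."""
    m = LOOKUP.match(item)
    if m:
        return "file lookup: every host listed in " + m.group(1)
    if item in LOOPBACK:
        return "loopback only"
    return "host pattern or named list: review by hand"

def audit(conf):
    """Label each unauthenticated-relay source and report the authenticated-relay setting."""
    return {
        "unauthenticated": {i: classify(i) for i in list_items(conf, "host_accept_relay")},
        "authenticated": list_items(conf, "host_auth_accept_relay"),
    }

def drop_lookups(conf):
    """Return conf with lookup items removed from host_accept_relay."""
    kept = [i for i in list_items(conf, "host_accept_relay") if not LOOKUP.match(i)]
    new = "host_accept_relay = " + " : ".join(i.replace(":", "::") for i in kept)
    return re.sub(r"(?m)^[ \t]*host_accept_relay[ \t]*=.*$", lambda m: new, conf)

if __name__ == "__main__":
    for item, label in audit(SAMPLE_CONF)["unauthenticated"].items():
        print(f"{item:28} {label}")
    print(drop_lookups(SAMPLE_CONF))
```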