Hi, while checking if the Thunderbird setup instructions are still ok for Stretch, I found out that SMTP configuration now requires to choose: (1) no connection security and (2) no authentication.
This is due to a changed Exim configuration via commit 4beb721: commit 4beb72119c924aff4f2c6c4353d4f49e5f82f32f Author: Mike Gabriel <mike.gabr...@das-netzwerkteam.de> Date: Wed Oct 14 12:15:18 2015 +0200 exim4 mainserver configuration: Allow Debian Edu clients on the default Debian Edu network to directly send mails to the main server (by white- listing the 10./8 network). This fixes console mailing and system mails on Debian Edu clients (Closes: #794602). diff --git a/debian/changelog b/debian/changelog index 7acaa265..6d343687 100644 --- a/debian/changelog +++ b/debian/changelog @@ -35,6 +35,10 @@ debian-edu-config (1.819) UNRELEASED; urgency=low #798435). * gosa-sync: Fix escaping double quotes and semicolons. (Closes: #794000). * Drop deprecated README.ldap file. (Closes: #621787). + * exim4 mainserver configuration: Allow Debian Edu clients on the default + Debian Edu network to directly send mails to the main server (by white- + listing the 10./8 network). This fixes console mailing and system mails + on Debian Edu clients (Closes: #794602). -- Petter Reinholdtsen <p...@debian.org> Sat, 16 May 2015 23:12:06 +0200 diff --git a/etc/exim4/exim-ldap-server-v4.conf b/etc/exim4/exim-ldap-server-v4.conf index 7b3fbc15..c2a2a3e7 100644 --- a/etc/exim4/exim-ldap-server-v4.conf +++ b/etc/exim4/exim-ldap-server-v4.conf @@ -192,14 +192,15 @@ acl_check_rcpt: # Make sure users can not fake sender address vis SMTP. Reject # unauthenticated connections and check that the sender is the same # as the Kerberos ID. + accept hosts = : + accept hosts = +relay_hosts + deny !authenticated = * message = SMTP server requires authentication. Check your SMTP client configuration. deny condition = ${if eq{$authenticated_id}{$sender_address_local_part@INTERN}{false}{true}} message = Sender address $sender_address conflicts with authentication $authenticated_id. - accept hosts = : accept domains = +local_domains - accept hosts = +relay_hosts deny message = relay not permitted # ACL that is used after the DATA command (END) Such a configuration allows users to send mails with a faked sender address. I believe that fixing #794602 shouldn't introduce a side effect like this one. Wolfgang
signature.asc
Description: PGP signature