-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello,
Urgh, I tried to fix the TOFU to answer practically. So sorry for the full quote, otherwise the sense would be lost. Am Do den 22. Sep 2011 um 18:36 schrieb Todd Lyons: > On Wed, Sep 21, 2011 at 9:39 PM, Aneesh Joseph <[email protected]> wrote: > > Hello, > > > > I have a mail server and a web server. I have installed the webmail client > > ( custom program ) in the web server. I need to allow Authenticated SMTP > > only from this web server. What I mean is that, if I have the email address > > and password, I should not be able to send email using my Outlook or any > > script from other server. > > > > Now I have enabled POP before SMTP and disabled POP3 port from all IPs > > Except the web server IP. Still people are sending email using SMTP > > authentication from remote computer > > > > Any Idea how to fix this ? Or any suggestion ? > > Honestly the easiest option to me is to put an iptables rule on the > mail server which rejects port 587 (you do require smtp auth to run > only on port 587, right?) except for 1 IP, that of the webmail server > you wish to allow. First of all, no 587 is not requiring authentication. True, that it is required by RFC but if you do not activate that in the exim config it would also allow unauthenticated connections. But you can also authenticate using port 25 so it would not help to block only port 587 if you do not also actively disable the possibility in the exim configuration. Finally there is also port 465 ... However, question to Aneesh (is your last name really Joseph?), why would you specifically forbid users to authenticate? In my eyes if they still authenticate you should be proud as not every user can be told to do so. If you really wish to allow authentication from only one IP, you can use any condition in "server_advertise_condition" of the authenticator configuration. Normally you have something like "server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}" in that option. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <[email protected]> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQGcBAEBCgAGBQJOe4uSAAoJEKZ8CrGAGfasMeoL/imMo2DbJRy775fyD1KRdmHD iZpIELGDHOGy2KnBYgSHOQtmAtLd+31Z6RVOkz2SFyMHBziJi9nBBjeZ2Cu/XuKV Q+sFBuaBrzQ7ykf5eYuz6GjGIYkEJDyEJBvV1A4j8lQ4Kbs7a9IO/2bjdDcS1alS NNownkRCOcEyr0iv3YC1/WGYjBXMwn2pFLX4eUwjpff57Ms7r+1Dp0wpVL01drEo msMvOY4nMiCHuwyR7Lp/a31SRqMRL1Eh2GxKfEmhkLghtSfXVMSzajRFSz0xqc4D kBxoJNHZ3rqKACzwtRqz3MEonUMIa7RIso2SxknC3Mez6YatTY01xSPiAiGKsBv9 FCY8iLG1dNr7uWWGQN2hziEQykVJCLeZpYYG+NNRdPEM0R4hEQGEQxO4QraYrPtu dPumG4D+3w7fApKJplkbaFBaQPQ6VP27MuB01Hw5jgci0YonQuScKXUBmnzLE9YP W7UL3JtIuxxm4H4OnzXreP6+pFmhDjsFhluzVtRpsg== =X97w -----END PGP SIGNATURE----- -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
