On Fri, Feb 14, 2014 at 7:05 AM, Фадеев Виталий Львович <f...@mail.ru> wrote:
>
> Some questions still need to be resolved.
> I have 4 IPs for 4 domains. That is needed for TLS.
> So how can I configure exim so that it does the following:
> In the header
>   Received: from xxx.net ([11.22.33.44] helo=[192.168.1.77]) by
>   host.aaa.com with esmtpsa (TLS1.0:ECDHE_RSA_AES_128_CBC_SHA1:128)
> I need to replace "by host.aaa.com" with the host from the domain of
> the sent mail, not the primary hostname of the server.

First let me say that I think this is a bad idea. I suspect you mean
"the mail server for the domain name of the recipient email".

# exim -bP | grep received
received_header_text = Received: ${if and {{def:sender_rcvhost}{!def:authenticated_id}}{from $sender_rcvhost\n\t}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }{${if def:authenticated_id {from ${quote_local_part:$authenticated_id} }}}}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} ${if def:tls_cipher {($tls_cipher)\n\t}}(Exim $version_number)\n\t${if def:sender_address {(envelope-from <$sender_address>)\n\t}}id $message_exim_id${if def:received_for {\n\tfor $received_for}}

You would want to redefine this setting, specifically changing the basic:

  by $primary_hostname

...to something that does a lookup and puts the value in:

  ${if def:authenticated_id{by YOUR_HOSTNAME_LOOKUP}{by $primary_hostname}}

Why is this a bad idea? IMHO:

1) What happens if the recipient is <>, as in a bounce message? The
   YOUR_HOSTNAME_LOOKUP specifically needs to allow for this special case.
2) SMTP is (can be) efficient. What happens when another server realizes
   that email from two different domains goes to the same IP and tries to
   deliver two different messages, one from each domain, in the same
   connection? The TLS negotiation has already been performed with the
   first domain's certificate.
3) This is a layer of complexity that makes it harder to troubleshoot
   issues. I'm not saying it's impossible, just that it's much harder.
4) Generally when you try to mask who you really are, it makes you look
   shady and not legitimate, ESPECIALLY when people figure out that
   you're doing it.

> How to configure EXIM to require use of TLS for user authentication when
> sending mail?

In one of the early ACLs, you check what encryption cipher is being used
and deny the message if it's empty, as described in this Server Fault post:

http://serverfault.com/questions/58392/how-can-i-configure-exim-to-drop-non-authenticated-connections-on-alternate-smtp

...Todd
-- 
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
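
Added example, not part of the original message and not taken from the linked Server Fault post: one way to express the "deny when the cipher is empty" check in an Exim configuration, combined with withholding the AUTH advertisement until TLS is active. The ACL name acl_check_auth is an assumption; $tls_cipher is the variable already used in the received_header_text shown above.

```exim
# --- Main configuration section ---

# Advertise AUTH only on connections where a TLS cipher has been
# negotiated, so clients are never invited to send credentials in
# cleartext. An empty $tls_cipher yields an empty host list (nobody);
# otherwise "*" (everybody).
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

# Run an ACL whenever a client issues the AUTH command.
# (The ACL name is an assumption made for this example.)
acl_smtp_auth = acl_check_auth

# --- ACL section (after "begin acl") ---

acl_check_auth:
  # Second layer: refuse the AUTH command itself while $tls_cipher is
  # empty, i.e. no TLS session is active on this connection.
  deny    message   = TLS is required before AUTH
          condition = ${if eq{$tls_cipher}{}}

  # TLS is active: let the configured authenticators handle AUTH.
  accept
```

After reloading, `exim -bP auth_advertise_hosts` should show the new value, and an EHLO on a plaintext connection should no longer list AUTH.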