Maybe Exim should get a feature where you can define "protocol overrides" for
domains, like so it ignores specific protocol violations and such.
So if you have a problem with a slightly misbehaving remote mail server, you
can in an ACL define how Exim should treat its responses (for example, treat
I would personally use the "Keywords:" header instead:
warn
condition = ${if
forany{${listnamed_d:trusted_domains}}{match{$sender_address_domain}{\\.$item\$}}{yes}{${if
forany{${listnamed_d:trusted_domains}}{eq{$sender_address_domain}{$item}}{yes}{no
set acl_m3 = ✔️
The problem is that passwords are insecure. It's much better to lock accounts
to countries or even individual ISPs, offices or IPs.
SMTP and IMAP don't have good support for OTP and other secure authentication
methods, so a good idea is to "enhance" the security by locking accounts to
Yes, because you could escape out of the argument; think if the local part
contains something like "something && echo /etc/passwd".
Then what's executed is:
|/home/exim/scripts/my_script something && echo /etc/passwd
Fetching in the argument via environment variable is safe (as long as you in the script
erstand my point.
There is no real benefit of restricting auth to particular IPs, IMHO.
If you must restrict AUTH to just a few IPs, then you actually don't need
that overhead.
Just put them in relay_from_hosts and you are good.
On Wed, Apr 21, 2021 at 1:55 PM Sebastian via Exim-users < exim-u
But it's still good to use "auth_advertise_hosts" to restrict which hosts
are permitted to authenticate in addition to this.
Else you will get bots that hack the password and then spam with your
server.
In auth_advertise_hosts, you can use CIDR notation (like 123.123.123.0/24)
to allow large