On Sun, Jan 19, 2003 at 01:33:22PM +0100, Anand Buddhdev wrote:
> I'm wondering how to configure courier to accept esmtp "relaying"
> connections ONLY from those clients that login via SSL using their user id
> and password. I've been studying the documentation in depth and can't find
> any clear directions on how to do this.

OT: exim can implement the policy you require.

    acl_check_rcpt:
      ...
      # Allow relaying from AUTH users, but only if they have connected
      # using STARTTLS
      accept  authenticated = *
              encrypted     = *

That will reject relaying with a 550 at RCPT time. Even better, you can
refuse the AUTH command itself, if the connection is not running under TLS
at the point when it is issued. Example:
http://www.exim.org/exim-html-4.10/doc/html/spec_37.html#SECT37.4

That doesn't mean you have to abandon Courier MTA though. You could set up a
separate server for outgoing relaying. In fact, it's an extremely good idea
to set up separate servers or server clusters for "outbound" and "inbound"
mail anyway.

Apart from increased scalability, you get the important advantage that if
one of your customers moves their MX records to a different provider without
telling you, mail relayed via your "outbound" cluster will still be
delivered correctly.

Regards,
Brian.
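
Added example, not part of the original message and not code from Exim or Courier: a small Python check for the "AUTH only under TLS" policy discussed above, run over SMTP replies captured from a server before and after STARTTLS. The function names, the host mail.example.org and the sample replies are constructed for illustration.

```python
import re

def ehlo_keywords(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [parameters]}."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # line 1 is the greeting
        m = re.match(r"250[- ](\S+)\s*(.*)", line.strip())
        if not m:
            continue
        keyword, params = m.group(1).upper(), m.group(2).split()
        if keyword.startswith("AUTH="):           # legacy "AUTH=LOGIN PLAIN" form
            keyword, params = "AUTH", [keyword[5:]] + params
        caps.setdefault(keyword, []).extend(p.upper() for p in params)
    return caps

def audit_auth_policy(pre_tls_ehlo, post_tls_ehlo, pre_tls_auth_reply=None):
    """Return findings where a server departs from 'AUTH only under TLS'."""
    pre, post = ehlo_keywords(pre_tls_ehlo), ehlo_keywords(post_tls_ehlo)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered on the cleartext connection")
    if "AUTH" in pre:
        findings.append("AUTH advertised before STARTTLS: " + " ".join(pre["AUTH"]))
    if "AUTH" not in post:
        findings.append("AUTH not advertised after STARTTLS")
    # Not advertising AUTH is not the same as refusing it: a 2xx/3xx reply to
    # a cleartext AUTH command means the server still processes it.
    if pre_tls_auth_reply and pre_tls_auth_reply.lstrip()[:1] in ("2", "3"):
        findings.append("AUTH command accepted before STARTTLS: "
                        + pre_tls_auth_reply.strip())
    return findings

# Constructed sample replies (hypothetical host mail.example.org).
WEAK_PRE = ("250-mail.example.org Hello\n250-SIZE 52428800\n"
            "250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP")
GOOD_PRE = "250-mail.example.org Hello\n250-SIZE 52428800\n250-STARTTLS\n250 HELP"
POST_TLS = ("250-mail.example.org Hello\n250-SIZE 52428800\n"
            "250-AUTH PLAIN LOGIN\n250 HELP")
REFUSED = "538 Encryption required for requested authentication mechanism"

if __name__ == "__main__":
    for name, pre, reply in (("weak", WEAK_PRE, "334 "), ("good", GOOD_PRE, REFUSED)):
        print(name, audit_auth_policy(pre, POST_TLS, reply) or "OK")
```

The third argument is the server's reply to an AUTH command sent in cleartext, which separates a server that merely hides AUTH from one that refuses it.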