Home / server / Questions / 58392
Accepted
Dave Forgac
Asked: 2009-08-26 05:05:55 +0800 CST

How can I configure Exim to drop non-authenticated connections on alternate SMTP port?

  • 772

I currently only allow connections on port 25 from a mail filtering service's IPs.

I have Exim running on an alternate port for SMTP submission. This port needs to allow non-encrypted connections for now so I can't rely on forcing TLS on the port.

I would like to configure Exim to drop non-authenticated SMTP connections on the alternate port to prevent spammers from connecting and sending spam directly to users.

How would I configure this ACL?

smtp access-control-list exim smtp-auth

1 Answers

  1. Best Answer

    We use the following rules in acl_check_rcpt, but I suspect they would work better in acl_check_helo

    deny
   condition      = ${if and{{eq{$interface_port}{587}} {eq{$tls_cipher}{}} } }
   message        = All port 587 connections must use TLS

deny condition    = ${if eq{$interface_port}{587}}
   !authenticated = *
   message        = All port 587 connections must be Authenticated

    Obviously you only want the second of the two rules, but the first shows how to reject non-TLS connections. You may want to think about disallowing plaintext authentication methods if you aren't going to enforce TLS.

    • 6