SMTP-авторизация в exim с использованием системных пользователей. Столкнулся с такой проблемой: эта авторизация оказывается как бы «необязательной». Она вроде бы и есть, но отправить можно и без неё... Вот пример конфига:
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################

# --- Identity and named lists ---------------------------------------
primary_hostname = test.local
qualify_domain = test.local

domainlist local_domains = test.local
# Empty list: this host relays to no other domain on behalf of strangers.
domainlist relay_to_domains =
# Hosts in this list are accepted by acl_check_rcpt for any destination
# without AUTH, so every local process that can reach port 25 can relay.
hostlist relay_from_hosts = localhost

# Macro; nothing in the configuration as posted refers to it.
INTERNAL_IP = 192.168.0.70

# --- Policy hooks ----------------------------------------------------
# Only the RCPT ACL is wired up; all relay/auth policy lives there.
acl_smtp_rcpt = acl_check_rcpt

# NOTE(review): AUTH is offered to every host, and the only mechanisms
# defined are LOGIN and PLAIN backed by PAM. No tls_* option appears in
# this configuration as posted, so system account passwords would cross
# the network unencrypted. Once TLS is set up, limit the advertisement
# to encrypted sessions.
auth_advertise_hosts = *

# --- Listener and process identity ----------------------------------
daemon_smtp_ports = 25
exim_user = mail
exim_group = exim
# Deliveries are never run as root.
never_users = root

# --- Inbound SMTP behaviour -----------------------------------------
# Reverse-resolve every client; the ACL matches on $sender_host_name.
host_lookup = *
# 0s disables ident (RFC 1413) callbacks.
rfc1413_query_timeout = 0s
helo_allow_chars = _
smtp_enforce_sync = true
# NOTE(review): accepts user@[ip] syntax; no router visible here
# handles domain literals -- confirm this is still wanted.
allow_domain_literals = true
sender_unqualified_hosts = +relay_from_hosts
recipient_unqualified_hosts = +relay_from_hosts

# --- Limits -----------------------------------------------------------
smtp_accept_max = 200
smtp_accept_max_per_host = 10
smtp_accept_max_per_connection = 25
smtp_connect_backlog = 30
remote_max_parallel = 15
message_size_limit = 50M
return_size_limit = 70k

# --- Queue and spool -------------------------------------------------
split_spool_directory = false
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d

# --- Logging ----------------------------------------------------------
# Rejected and dropped connections plus SMTP syntax/protocol errors are
# logged; these are the records to review for AUTH guessing attempts.
log_selector = \
    +all_parents \
    +connection_reject \
    +incoming_interface \
    +lost_incoming_connection \
    +received_sender \
    +received_recipients \
    +smtp_confirmation \
    +smtp_syntax_error \
    +smtp_protocol_error \
    -queue_run
syslog_timestamp = no

######################################################################
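# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################

begin acl

# Evaluated for every RCPT command (selected by acl_smtp_rcpt in the main
# section). Statements are tried in order; the first accept or deny whose
# conditions all match decides the fate of the recipient.
#
# Reading guide for the "authentication looks optional" symptom:
#   * relay_from_hosts and authenticated clients are accepted for ANY
#     destination;
#   * everyone else is limited to local_domains / relay_to_domains by the
#     "require" statement, but is NOT asked to authenticate.
# So AUTH gates relaying, not delivery to local mailboxes. That is the
# normal behaviour for a host that also receives mail from other servers.
acl_check_rcpt:

  # Mail with no sending host (local SMTP not over TCP/IP) is accepted.
  accept  hosts         = :

  # Reject local parts that could be abused in file or pipe deliveries.
  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # postmaster at a local domain is always reachable, from any host.
  accept  local_parts   = postmaster
          domains       = +local_domains

  # Trusted hosts: any destination, no AUTH needed.
  accept  hosts         = +relay_from_hosts
          control       = submission

  # Authenticated clients: any destination.
  accept  authenticated = *
          control       = submission

  # From here on only unauthenticated, untrusted hosts remain.
  # They may address local or relay domains only.
  require message       = relay not permitted
          domains       = +local_domains : +relay_to_domains

  require verify        = recipient

  # Reject clients that did not send HELO/EHLO.
  deny    message       = "HELO/EHLO require by SMTP RFC"
          condition     = ${if eq{$sender_helo_name}{}{yes}{no}}

  # Reject clients that put their own IP address in HELO.
  # Host lists are scanned left to right and the first match wins, so the
  # original "* : !+relay_from_hosts" matched every host and the exception
  # was never consulted; the negated item has to stand alone.
  deny    message       = "Your IP in HELO - access denied!"
          hosts         = !+relay_from_hosts
          condition     = ${if eq{$sender_helo_name}\
                          {$sender_host_address}{true}{false}}

  # Reject clients that put this server's address in HELO.
  deny    condition     = ${if eq{$sender_helo_name}\
                          {$interface_address}{yes}{no}}
          hosts         = !127.0.0.1 : !localhost : *
          message       = "main IP in your HELO! Access denied!"

  # Reject hosts whose reverse DNS name looks like *adsl*, *dialup*, *pool*, ...
  deny    message       = "your hostname is bad (adsl, ppp & etc)."
          condition     = ${if match{$sender_host_name} \
                          {adsl|dialup|peer|dhcp} \
                          {yes}{no}}

  # Delay.
  # Default delay of 30 seconds.
  warn    set acl_m0    = 30s

  # No delay for our own hosts and friendly networks.
  warn    hosts         = +relay_from_hosts
          set acl_m0    = 0s

  # Log the delay, then apply it.
  warn    logwrite      = Delay $acl_m0 for $sender_host_name \
                          [$sender_host_address] with HELO=$sender_helo_name. Mail \
                          from $sender_address to $local_part@$domain.
          delay         = $acl_m0

  # Check the recipient in local domains. Conditions after "endpass" turn
  # a failure into a rejection instead of falling through.
  accept  domains       = +local_domains
          endpass
          message       = "In my mailserver not stored this user"
          verify        = recipient
          logwrite      = Accept $sender_host_name (local_domains)

  # Check the recipient in relay domains.
  # The log text used to say "(local_domains)" here, a copy of the line
  # above, which made the two accept paths indistinguishable in the log.
  accept  domains       = +relay_to_domains
          endpass
          message       = "main server not know how relay to this address"
          verify        = recipient
          logwrite      = Accept $sender_host_name (relay_to_domains)

  # NOTE(review): nothing below this point is reached. The "require
  # domains" statement above only lets local/relay domains through, and
  # the two accept/endpass statements then accept or reject every such
  # recipient. The DNS blocklist check therefore never runs. Before
  # moving it above the accepts, confirm each zone is still operated:
  # the list is old, and a retired zone can reject or delay all mail.
  # The duplicate cbl.abuseat.org entry has been dropped.
  #
  # Reject hosts found in blocklists. Zones are tried top to bottom.
  deny    message       = "you in blacklist - $dnslist_domain --> $dnslist_text"
          dnslists      = sbl-xbl.spamhaus.org : \
                          bl.spamcop.net : \
                          dul.ru : \
                          dul.dnsbl.sorbs.net : \
                          opm.blitzed.org : \
                          cbl.abuseat.org : \
                          bl.csma.biz

  # Allow mail from hosts listed in relay_from_hosts.
  accept  hosts         = +relay_from_hosts
          logwrite      = Accept $sender_host_name (relay_from_hosts)

  # No rule matched.
  deny    message       = "relay not permitted"

  deny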
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################

begin routers

# Non-local domains go out via DNS (MX/A) lookup. Targets that resolve to
# 0.0.0.0 or loopback are ignored so a hostile DNS record cannot point
# outbound mail back at this host. no_more stops later routers from
# seeing a remote address that failed to route here.
dnslookup:
  driver              = dnslookup
  transport           = remote_smtp
  domains             = ! +local_domains
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

# /etc/aliases expansion. Aliases that resolve to a file or a pipe are
# delivered with the uid given by "user".
# NOTE(review): "user = exim" while the main section sets
# exim_user = mail -- confirm an account named exim exists.
system_aliases:
  driver         = redirect
  data           = ${lookup{$local_part}lsearch{/etc/aliases}}
  allow_defer
  allow_fail
  user           = exim
  pipe_transport = address_pipe
  file_transport = address_file

# Per-user ~/.forward. allow_filter lets the file be an Exim filter, and
# the pipe/file transports let a user's forward file write files or
# start commands under that user's identity.
userforward:
  driver          = redirect
  check_local_user
  file            = $home/.forward
  allow_filter
  check_ancestor
  no_expn
  no_verify
  pipe_transport  = address_pipe
  file_transport  = address_file
  reply_transport = address_reply

# Users who have ~/.procmailrc (and a procmail binary) get procmail.
procmail:
  driver        = accept
  check_local_user
  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
  transport     = procmail
  no_verify

# Every remaining system user.
# NOTE(review): this also delivers through the procmail transport, so
# the local_delivery transport defined in the transports section is
# never used -- confirm that is intended.
localuser:
  driver               = accept
  check_local_user
  transport            = procmail
  cannot_route_message = Unknown user

######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################

begin transports

# Outbound SMTP with driver defaults only.
remote_smtp:
  driver = smtp

# Hands the message to procmail running as the recipient.
# use_shell is not set, so the command is not passed through a shell.
# The uid comes from $local_part; both routers that select this
# transport set check_local_user, so the local part names a real
# account by the time it is used here.
procmail:
  driver            = pipe
  command           = "/usr/bin/procmail -d $local_part"
  user              = $local_part
  group             = mail
  initgroups
  envelope_to_add
  delivery_date_add
  return_path_add
  return_output

# Classic mbox delivery into /var/mail. No router in the posted
# configuration selects this transport.
local_delivery:
  driver            = appendfile
  file              = /var/mail/${local_part}
  group             = mail
  mode              = 0660
  no_mode_fail_narrower
  envelope_to_add
  delivery_date_add
  return_path_add

# Used when an alias or .forward entry is a pipe command.
address_pipe:
  driver            = pipe
  return_output

# Used when an alias or .forward entry is a file name.
address_file:
  driver            = appendfile
  envelope_to_add
  delivery_date_add
  return_path_add

# Used for auto-replies generated by user filters.
address_reply:
  driver            = autoreply

######################################################################
# RETRY CONFIGURATION #
######################################################################

begin retry

# One rule for every address and every error: retry every 15 minutes
# for 2 hours (F = fixed), then at intervals starting at 1 hour and
# growing by a factor of 1.5 until 16 hours (G = geometric), then every
# 6 hours until 4 days have passed.
#
# Address or Domain    Error       Retries
# -----------------    -----       -------
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.

begin rewrite
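######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################

# The section marker was missing from the listing as posted. Without
# it the two definitions below would be read as part of the rewrite
# section instead of as authenticators.
begin authenticators

# Both mechanisms carry the password itself (base64 is an encoding, not
# encryption) and check it against system accounts through PAM.
#
# NOTE(review): with auth_advertise_hosts = * and no TLS configured in
# the posted file, these passwords travel in clear text. After TLS is
# enabled, add to each authenticator something like
#   server_advertise_condition = ${if def:tls_in_cipher}
# (older Exim releases name the variable $tls_cipher -- check yours).
#
# NOTE(review): Exim's documentation warns that on some systems PAM
# authentication works only from a root process, while the SMTP
# receiver runs as exim_user -- verify that a wrong password is really
# rejected and a right one accepted.
#
# The pam condition takes a colon-separated list, so a colon inside the
# password must be doubled or it splits the password into two items;
# ${sg{...}{:}{::}} does that.

LOGIN:
  driver           = plaintext
  public_name      = LOGIN
  server_prompts   = "Username:: : Password::"
  server_condition = "${if pam {$auth1:${sg{$auth2}{:}{::}}}{yes}{no}}"
  # Records the login name as $authenticated_id for logs and ACLs.
  server_set_id    = $auth1

PLAIN:
  driver           = plaintext
  public_name      = PLAIN
  # A single empty prompt, for clients that send "AUTH PLAIN" without
  # the data on the same line.
  server_prompts   = :
  # PLAIN data is authzid, authcid, password -> $auth1, $auth2, $auth3.
  server_condition = "${if pam {$auth2:${sg{$auth3}{:}{::}}}{yes}{no}}"
  server_set_id    = $auth2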
Мож кто сталкивался с этим?
Думаю, для системных пользователей надо смотреть в сторону acl_not_smtp
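Проблема решена: надо было к каждому accept'у в acl_check_rcpt добавить authenticated = *. Учтите, что после этого сервер перестанет принимать без аутентификации и входящую почту от чужих серверов для локальных доменов, так что такой вариант годится только для хоста, который работает исключительно на приём почты от своих пользователей.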