我想使用我的 exim4 邮件服务器作为本地域匿名发件人的本地投递,并仅向经过身份验证的用户转发邮件。可以吗?
答案1
我的方法是:
首先我们必须定义 TLS 加密。没有 TLS 则不允许身份验证。
tls_certificate = /usr/local/etc/exim/exim.crt
tls_privatekey = /usr/local/etc/exim/exim.key
tls_advertise_hosts = *
tls_on_connect_ports = 587 : 465
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
然后我们必须定义身份验证机制。我更喜欢使用 userdbdovecot
所用过的相同机制。请记住,您需要将 dovecot-auth 编译到 中exim
。您可以根据需要添加更多身份验证方案。
begin authenticators
plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
server_condition = ${if !eq{$tls_cipher}{}}
login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth2
server_condition = ${if !eq{$tls_cipher}{}}
现在我们可以过滤传入的消息
acl_rcpt:
# we accept everything from auth'ed hosts
accept authenticated = *
# we accept everything from our trusted hosts/networks
accept hosts = : +relay_from_hosts
# all the rest should be addressed to the domains we serve
require domains = +relay_to_domains : +local_domains
. . . . .