exim auth requriement

serghey-rodin · serghey-rodin · commit 1b5332b558ca · 2012-12-17T22:57:17.000+02:00
diff --git a/install/0.9.7/rhel/exim.conf b/install/0.9.7/rhel/exim.conf
@@ -63,41 +63,54 @@ acl_check_mail:
           condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
           condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
           delay         = 45s
-  drop
-          condition     = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
-          condition     = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
-          message       = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
+#  drop
+#          condition     = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
+#          condition     = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
+#          message       = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
   drop
           condition     = ${if isip{$sender_helo_name}}
           message       = Access denied - Invalid HELO name (See RFC2821 4.1.3)
   drop
           condition     = ${if match{$sender_helo_name}{\N\.$\N}}
           message       = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
-#  drop    message       = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"
-#          condition     = ${if match{$sender_helo_name}{$primary_hostname}}
+  drop    message       = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"
+          condition     = ${if match{$sender_helo_name}{$primary_hostname}}
   drop    condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
           message       = $interface_address is _my_ address
   accept
 
 
 acl_check_rcpt:
   accept  hosts         = :
+
   deny    message       = Restricted characters in address
           domains       = +local_domains
           local_parts   = ^[.] : ^.*[@%!/|]
+
   deny    message       = Restricted characters in address
           domains       = !+local_domains
           local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+  require verify        = sender
+
   accept  hosts         = +relay_from_hosts
           control       = submission
+
   accept  local_parts   = postmaster
           domains       = +local_domains
-  require verify        = sender
+
   accept  authenticated = *
           control       = submission/domain=
+
   require message       = relay not permitted
           domains       = +local_domains : +relay_to_domains
+
+  deny    message       = smtp auth requried
+         sender_domains = +local_domains
+         !authenticated = *
+
   require verify        = recipient
+
 .ifdef CLAMD
   warn    set acl_m0    = no
   warn    condition     = ${if exists {/etc/exim/domains/$domain/antivirus}{yes}{no}}
