On Tue, Jun 23, 2015 at 8:38 AM, Royce Williams <royce@tycho.org> wrote:
> Anybody know of a way to disable SMTP AUTH *completely* functionality in exim?
>
> I've got a server that I want to just do MX duty, and don't need the
> hordes doing SMTP AUTH bruteforcing 24/7. Yes, I can throttle them,
> but there's zero need to do SMTP AUTH at all on an MX_only server, so
> I just want to sidestep the whole thing. All the stuff online is
> people asking how to not require it for certain netblocks, but that's
> not my use case.
>
> From my research:
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_authentication.html
>
> ... I know that I can disable them at compile time by doing this (or
> the equivalents for whatever are supported):
>
> AUTH_CRAM_MD5=no
> AUTH_PLAINTEXT=no
>
> ... but it's not a server that I have that level of control over -
> can't recompile Exim there.
>
> I suspect that I could do it by creatively modifying the
> "fixed_login", "fixed_plain", etc. clauses in the config, but haven't
> experimented yet.
>
> Any ideas?
"Talking to yourself is a sign of impending mental collapse." - The
HHGTTG Infocom game ;)
I found an exim-based solution to effectively disabling SMTP AUTH. I
added this rule under the "acl_smtp_auth" configuration area:
accept
condition = ${if
match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{1}{0}}
I then created /etc/exim.smtpauth, and only put 127.0.0.1 in it.
Royce
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Jun 23 21:02:31 2015
This archive was generated by hypermail 2.1.8 : Tue Jun 23 2015 - 21:02:31 AKDT