Configuring Exim relay

I have a VPS with DirectAdmin, on which Exim is also installed. I am trying to configure it so that the websites hosted on the machine can relay through Exim. I have configured Exim with a smarthost.

However, when I try to have a website send e-mail via localhost, it asks for authentication. I added the following to the host list:

hostlist relay_from_hosts = ::1

And added the following to the ACL:

accept  hosts = +relay_from_hosts
endpass

This is the complete ACL:

######################################################################
#                               ACLs                                 #
######################################################################

begin acl

# ACL that is used after the RCPT command
check_recipient:


## My own Edit.
accept  hosts = +relay_from_hosts
    endpass

# to block certain wellknown exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]

# to restrict port 587 to authenticated users only
# see also daemon_smtp_ports above
accept  hosts = +auth_relay_hosts
        condition = ${if eq {$interface_port}{587} {yes}{no}}
        endpass
        message = relay not permitted, authentication required
        authenticated = *

# allow local users to send outgoing messages using slashes
# and vertical bars in their local parts.
# Block outgoing local parts that begin with a dot, slash, or vertical
# bar but allows them within the local part.
# The sequence \..\ is barred. The usage of @ % and ! is barred as
# before. The motivation is to prevent your users (or their virii)
# from mounting certain kinds of attacks on remote sites.
  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

# local source whitelist
# accept if the source is local SMTP (i.e. not over TCP/IP).
# Test for this by testing for an empty sending host field.
  accept  hosts = :

# sender domains whitelist
# accept if sender domain is in whitelist
  accept  sender_domains = +whitelist_domains

# sender hosts whitelist
# accept if sender host is in whitelist
  accept  hosts = +whitelist_hosts
  accept  hosts = +whitelist_hosts_ip

# envelope senders whitelist
# accept if envelope sender is in whitelist
  accept  senders = +whitelist_senders

# accept mail to postmaster in any local domain, regardless of source
  accept  local_parts = postmaster
          domains     = +local_domains

# accept mail to abuse in any local domain, regardless of source
  accept  local_parts = abuse
          domains     = +local_domains

# accept mail to hostmaster in any local domain, regardless of source
  accept  local_parts = hostmaster
          domains     =+local_domains

# OPTIONAL MODIFICATIONS:
# If the page you're using to notify senders of blocked email of how
# to get their address unblocked will use a web form to send you email so
# you'll know to unblock those senders, then you may leave these lines
# commented out.  However, if you'll be telling your senders of blocked
# email to send an email to errors@example.com, then you should
# replace "errors" with the left side of the email address you'll be
# using, and "example.com" with the right side of the email address and
# then uncomment the second two lines, leaving the first one commented.
# Doing this will mean anyone can send email to this specific address,
# even if they're at a blocked domain, and even if your domain is using
# blocklists.

# accept mail to errors@example.com, regardless of source
#   accept  local_parts = errors
#           domains     = example.com

# deny so-called "legal" spammers"
  deny message = Email blocked by LBL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       sender_domains = +blacklist_domains

# deny using hostname in bad_sender_hosts blacklist
  deny message = Email blocked by BSHL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts

# deny using IP in bad_sender_hosts blacklist
  deny message = Email blocked by BSHL - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts_ip

# deny using email address in blacklist_senders
  deny message = Email blocked by BSAL - to unblock see http://www.example.com/
  domains = use_rbl_domains
  deny senders = +blacklist_senders

# By default we do NOT require sender verification.
# Sender verification denies unless sender address can be verified:
# If you want to require sender verification, i.e., that the sending
# address is routable and mail can be delivered to it, then
# uncomment the next line. If you do not want to require sender
# verification, leave the line commented out

#require verify = sender

# deny using spamhaus
  deny message = Email blocked by SPAMHAUS - to unblock see http://www.example.com/
       # only for domains that do want to be tested against RBLs
        hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = zen.spamhaus.org

# deny using njabl
#  deny message = Email blocked by NJABL - to unblock see http://www.example.com/
#       hosts = !+relay_hosts
#       domains = +use_rbl_domains
#       !authenticated = *
#       dnslists = dnsbl.njabl.org

# deny using cbl
#  deny message = Email blocked by CBL - to unblock see http://www.example.com/
#       hosts = !+relay_hosts
#       domains = +use_rbl_domains
#       !authenticated = *
#       dnslists = cbl.abuseat.org

## deny using sorbs name based list
#  deny message = Email blocked by SORBS - to unblock see http://www.example.com/
#       domains =+use_rbl_domains
#       # rhsbl list is name based
#       dnslists = rhsbl.sorbs.net/$sender_address_domain

# accept if address is in a local domain as long as recipient can be verified
  accept  domains = +local_domains
          endpass
      message = "Unknown User"
          verify = recipient

# accept if address is in a domain for which we relay as long as recipient
# can be verified
  accept  domains = +relay_domains
          endpass
          verify=recipient

# accept if message comes for a host for which we are an outgoing relay
# recipient verification is omitted because many MUA clients don't cope
# well with SMTP error responses. If you are actually relaying from MTAs
# then you should probably add recipient verify here

  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted

# default at end of acl causes a "deny", but line below will give
# an explicit error message:
  deny    message = relay not permitted

# ACL that is used after the DATA command
check_message:
  #.include_if_exists /etc/exim.clamav.conf
  accept

When I look at the Exim log, I see the following:

2017-01-20 11:05:04 H=localhost (Websiteaddress) [::1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<emailaddress> rejected RCPT <emailaddress>: authentication required
2017-01-20 11:05:04 H=localhost (Websiteaddress) [::1] incomplete transaction (QUIT) from <emailaddress>
2017-01-20 11:05:04 H=localhost (Websiteaddress) [::1] F=<emailaddress> rejected RCPT <emailaddress>: authentication required
2017-01-20 11:05:04 H=localhost (Websiteaddress) [::1] incomplete transaction (QUIT) from <emailaddress>
2017-01-20 11:15:01 H=localhost (Websiteaddress) [::1] X=TLSv1:DHE-RSA-AES256-SHA:256 F=<emailaddress> rejected RCPT <emailaddress>: authentication required
2017-01-20 11:15:01 H=localhost (Websiteaddress) [::1] incomplete transaction (QUIT) from <emailaddress>
2017-01-20 11:15:01 H=localhost (Websiteaddress) [::1] F=<emailaddress> rejected RCPT <emailaddress>: authentication required
2017-01-20 11:15:01 H=localhost (Websiteaddress) [::1] incomplete transaction (QUIT) from <emailaddress>
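
Added example (not part of the original post, and not Exim's own code): Exim list values are colon-separated and a doubled colon stands for one literal colon, so the way `hostlist relay_from_hosts = ::1` is written matters. This simplified Python model of that list syntax shows which items the value yields compared with the `::::1` and `<; ... ; ::1` spellings. The function names `split_exim_list` and `ip_in_hostlist` are hypothetical, and only IP-literal items are modelled (no host names, masks or lookups).

```python
import ipaddress
import string


def split_exim_list(value):
    """Split a list value following Exim's list rules (simplified model)."""
    s, sep = value.lstrip(), ":"
    # "<" plus a punctuation character at the start changes the separator.
    if len(s) >= 2 and s[0] == "<" and s[1] in string.punctuation:
        sep, s = s[1], s[2:]
    items, cur, i = [], "", 0
    while i < len(s):
        if s[i] == sep and s[i + 1:i + 2] == sep:
            cur += sep              # doubled separator = one literal character
            i += 2
            continue
        if s[i] == sep:
            items.append(cur.strip())
            cur = ""
        else:
            cur += s[i]
        i += 1
    items.append(cur.strip())
    if items[-1] == "":             # an empty item at the end is ignored
        items.pop()
    return items


def ip_in_hostlist(value, client_ip):
    """True if client_ip equals one of the IP-literal items in the list."""
    client = ipaddress.ip_address(client_ip)
    for item in split_exim_list(value):
        try:
            if ipaddress.ip_address(item) == client:
                return True
        except ValueError:
            continue                # e.g. ":1" is not an IP literal
    return False


if __name__ == "__main__":
    # Constructed sample values: the post's spelling and two escaped spellings.
    for value in ("::1", "127.0.0.1 : ::::1", "<; 127.0.0.1 ; ::1"):
        print(repr(value), split_exim_list(value), ip_in_hostlist(value, "::1"))
```

To check a real configuration, `exim -bh ::1` runs a fake SMTP session from that address against the ACLs without delivering anything.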
