Skip to content
Nigel Metheringham edited this page Nov 30, 2012 · 3 revisions

Q0706

Question

How can I get POP-auth-before-relay (aka POP-before-SMTP) support in Exim?

Answer

A cleaner way of authentication is to use the SMTP AUTH facility, which does not require a prior use of POP. However, it is possible to do what you have asked for: Exim 4 supports the whoson > (http://whoson.sourceforge.net)

facility for doing this. If you set this up, you can do the check in an Exim ACL by a statement like this:

require condition = \
  ${lookup whoson {$sender_host_address}{yes}{no}}

Otherwise you need to arrange for a list of permitted IP addresses to be maintained in a file or database, and use this in a hosts condition in an ACL statement. An Exim user has published this recipe:

http://www.zeiss.cx/memo/computer/linux/email/exim-s-a-p.html

Another Exim user submitted the following idea: Use a script to grab authenticated IP addresses from the log files of the POP3 and IMAP4 daemons. These are used to create files in the directory tree /var/db/popb4smtp. The existence of a file represents a valid popped recently token for the IP address used as the filename. Another script periodically removes stale files from the tree (after two hours). There's a small race condition here; it's possible for a file to be deleted just after it has been updated by the script that watches the logs. For low-volume servers, the odds of hitting this window are low. A POPB4SMTP_CLIENT macro in the Exim configure file provides a reusable has this sender popped recently? > query:

POPB4SMTP_SUBDIR = /var/db/popb4smtp/${substr_-1_1:$sender_host_address}
POPB4SMTP_CLIENT = ${if exists {POPB4SMTP_SUBDIR/$sender_host_address} \
    {$sender_host_address} {0} }

Now you can use it just about anywhere, including in your ACLs. Simple examples include:

hostlist relay_hosts = 127.0.0.1/32 : ... : POPB4SMTP_CLIENT
host_lookup = !127.0.0.1/32 : ... : !POPB4SMTP_CLIENT
rfc1413_hosts = !127.0.0.1/32 : ... : !POPB4SMTP_CLIENT

The two scripts (and a FreeBSD startup script for them) are available for download at:

http://people.FreeBSD.org/~sheldonh/popb4smtp-nodb.tar.gz


Clone this wiki locally