Nigel Metheringham edited this page Nov 30, 2012 · 3 revisions

Q0706

Question

How can I get POP-auth-before-relay (aka POP-before-SMTP) support in Exim?

Answer

A cleaner way of authentication is to use the SMTP AUTH facility, which does not require a prior use of POP. However, it is possible to do what you have asked for: Exim 4 supports the whoson > (http://whoson.sourceforge.net)

facility for doing this. If you set this up, you can do the check in an Exim ACL by a statement like this:

require condition = \
  ${lookup whoson {$sender_host_address}{yes}{no}}

Otherwise you need to arrange for a list of permitted IP addresses to be maintained in a file or database, and use this in a hosts condition in an ACL statement. An Exim user has published this recipe:

http://www.zeiss.cx/memo/computer/linux/email/exim-s-a-p.html

Another Exim user submitted the following idea: Use a script to grab authenticated IP addresses from the log files of the POP3 and IMAP4 daemons. These are used to create files in the directory tree /var/db/popb4smtp. The existence of a file represents a valid popped recently token for the IP address used as the filename. Another script periodically removes stale files from the tree (after two hours). There's a small race condition here; it's possible for a file to be deleted just after it has been updated by the script that watches the logs. For low-volume servers, the odds of hitting this window are low. A POPB4SMTP_CLIENT macro in the Exim configure file provides a reusable has this sender popped recently? > query:

POPB4SMTP_SUBDIR = /var/db/popb4smtp/${substr_-1_1:$sender_host_address}
POPB4SMTP_CLIENT = ${if exists {POPB4SMTP_SUBDIR/$sender_host_address} \
    {$sender_host_address} {0} }

Now you can use it just about anywhere, including in your ACLs. Simple examples include:

hostlist relay_hosts = 127.0.0.1/32 : ... : POPB4SMTP_CLIENT
host_lookup = !127.0.0.1/32 : ... : !POPB4SMTP_CLIENT
rfc1413_hosts = !127.0.0.1/32 : ... : !POPB4SMTP_CLIENT

The two scripts (and a FreeBSD startup script for them) are available for download at:

http://people.FreeBSD.org/~sheldonh/popb4smtp-nodb.tar.gz


Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.