How to configure Exim to drop non-authenticated connections on alternate SMTP port

access-control-list, exim, smtp, smtp-auth

I currently only allow connections on port 25 from a mail filtering service's IPs.

I have Exim running on an alternate port for SMTP submission. This port needs to allow non-encrypted connections for now, so I can't rely on forcing TLS on the port.

I would like to configure Exim to drop non-authenticated SMTP connections on the alternate port to prevent spammers from connecting and sending spam directly to users.

How would I configure this ACL?

Best Answer

We use the following rules in acl_check_rcpt, but I suspect they would work better in acl_check_helo:

deny
   condition      = ${if and{{eq{$interface_port}{587}} {eq{$tls_cipher}{}} } }
   message        = All port 587 connections must use TLS

deny condition    = ${if eq{$interface_port}{587}}
   !authenticated = *
   message        = All port 587 connections must be Authenticated

Obviously you only want the second of the two rules, but the first shows how to reject non-TLS connections. You may want to think about disallowing plaintext authentication methods if you aren't going to enforce TLS.
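
One way to confirm that the second rule is taking effect, as an added example that is not part of the original answer: the Python script below scans Exim main-log lines for messages accepted on port 587 from a session with no `A=` (authenticator) field, and counts rejections carrying the ACL's message. It assumes `log_selector = +incoming_interface` is set so that the `I=[address]:port` field is logged; the log lines and function names are constructed for illustration.

```python
import re

SUBMISSION_PORT = 587  # the port tested in the answer's ACL rules

# Constructed sample lines in Exim main-log format. Assumption: the server
# runs with log_selector = +incoming_interface, which logs I=[addr]:port.
SAMPLE_LOG = """\
2024-05-01 10:00:01 1s1AAA-0000aa-1A <= alice@example.org H=(laptop) [203.0.113.5] I=[192.0.2.10]:587 P=esmtpa A=cram:alice S=1532
2024-05-01 10:00:07 1s1AAB-0000ab-2B <= spam@example.net H=(bot) [198.51.100.7] I=[192.0.2.10]:587 P=esmtp S=2210
2024-05-01 10:00:09 1s1AAC-0000ac-3C <= news@example.com H=filter.example [192.0.2.77] I=[192.0.2.10]:25 P=esmtps X=TLS1.3:TLS_AES_256_GCM_SHA384:256 S=4096
2024-05-01 10:00:12 H=(bot) [198.51.100.7] I=[192.0.2.10]:587 F=<spam@example.net> rejected RCPT <bob@example.org>: All port 587 connections must be Authenticated
"""

ARRIVAL = re.compile(r"(?P<id>\S+) <= (?P<sender>\S+)(?P<rest>.*)$")
IFACE = re.compile(r"\sI=\[[^\]]+\]:(?P<port>\d+)")
AUTH = re.compile(r"\sA=\S+")        # present only on authenticated sessions
REMOTE = re.compile(r"\s\[(?P<ip>[0-9A-Fa-f:.]+)\]")
DENIED = "must be Authenticated"     # text from the answer's ACL message


def unauthenticated_submissions(log_text, port=SUBMISSION_PORT):
    """Return (message id, sender, remote IP) for mail accepted on `port`
    from a session that never authenticated."""
    findings = []
    for line in log_text.splitlines():
        m = ARRIVAL.search(line)
        if not m:
            continue  # not a message-arrival line
        rest = m.group("rest")
        iface = IFACE.search(rest)
        if not iface or int(iface.group("port")) != port:
            continue  # arrived on another port, or interface not logged
        if AUTH.search(rest):
            continue  # authenticated submission: what the ACL allows
        remote = REMOTE.search(rest)
        findings.append((m.group("id"), m.group("sender"),
                         remote.group("ip") if remote else None))
    return findings


def acl_denials(log_text, port=SUBMISSION_PORT):
    """Count rejections carrying the ACL's message on `port`."""
    return sum(1 for line in log_text.splitlines()
               if DENIED in line and f"]:{port} " in line)


if __name__ == "__main__":
    for finding in unauthenticated_submissions(SAMPLE_LOG):
        print("accepted without AUTH:", finding)
    print("ACL denials:", acl_denials(SAMPLE_LOG))
```

Once the rule is active, the first function should return nothing for new log entries, and rejected attempts should show up in the second count instead.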
