turn off smtp for some user packages?

[roly]

hi

is there a way to turn off smtp for some users (but not all) so they just have pop3 with there email accounts, and can use there own isp for sending emails, so that i don't get caught out by people spamming from my server?

thanks in advance

roland

 

[nobaloney]

Not really. You can block from IP# but you'd have to know which IP# they're using, you could make exim.conf changes to block by domain name but they could use any domain name.

Jeff

 

[roly]

hi jeff

understood, thanks for your help.

roland

 

[scsi]

Suprised it doesnt have that feature. I have it on qmail and vpopmail.

 

[roly]

yes it would be very useful, i was suprised it didn't support this feature.

would this be an easy option for directadmin to implement, where when adding users, rather than having the option of how many emails you could have the option of saying if they're allowed smtp and pop3 or just pop3? or would it need exim itself to be modified?

 

[roly]

Suprised it doesnt have that feature. I have it on qmail and vpopmail.

hi scsi, i'm not sure if you deleted my double post in the feature request section.

I added the post there as well as a feature request in the feature request section of the board when you said the feature wasn't currently available. that was the reason for the double post, i wasn't sure that the directadmin people would read this post here.

 

[floyd]

It has to be a feature of Exim before it can be a feature of DirectAdmin.

 

[tillo]

Well, there is one acceptable solution.

1) Do not authorize relay for local addresses. That's done my removing the offending parts from the "hostlist relay_hosts" line within exim.conf. Any local web application (as any other local software) will be forced to use SMTP authentication when sending a message to a remote domain.

2) Remove the user's ~/.shadow file, which is used by exim.pl to authenticate. If you are concerned by untrusted users that may recreate the file, just modify exim.pl to additionnally check for something else.

 

[roly]

It has to be a feature of Exim before it can be a feature of DirectAdmin.

ok understood, i thought it may have been possible for when adding a user you could just disallow exim usage at directadmin level. thanks anyway.

 

[roly]

Well, there is one acceptable solution.

1) Do not authorize relay for local addresses. That's done my removing the offending parts from the "hostlist relay_hosts" line within exim.conf. Any local web application (as any other local software) will be forced to use SMTP authentication when sending a message to a remote domain.

2) Remove the user's ~/.shadow file, which is used by exim.pl to authenticate. If you are concerned by untrusted users that may recreate the file, just modify exim.pl to additionnally check for something else.

thanks for the advice, i shall take a look at that.

 

[snk]

What if do something like this:

in exim.conf right after "check_recipient:" put this code:

deny condition = ${if exists{/etc/virtual/${sender_address_domain}/smtp_disabled} {yes}{no}}
message = $sender_address_domain not allowed to use smtp.
authenticated = *

make empty file 'smtp_disabled' in domain folder that not allowed to use smtp:
#touch /etc/virtual/somedomain/smtp_disabled

 

[tillo]

That would work only if the authenticated person uses one of his domains as the sender address. He's not bound to it and could as well use @maindomain.ext as a workaround.