Q0706 - Exim/exim GitHub Wiki
How can I get POP-auth-before-relay (aka POP-before-SMTP) support in Exim?
A cleaner way of authentication is to use the SMTP AUTH facility, which does not require a prior use of POP. However, it is possible to do what you have asked for: Exim 4 supports the whoson > (http://whoson.sourceforge.net)
facility for doing this. If you set this up, you can do the check in an Exim ACL by a statement like this:
require condition = \
${lookup whoson {$sender_host_address}{yes}{no}}
Otherwise you need to arrange for a list of permitted IP addresses to be
maintained in a file or database, and use this in a hosts condition in
an ACL statement. An Exim user has published this recipe:
http://www.zeiss.cx/memo/computer/linux/email/exim-s-a-p.html
Another Exim user submitted the following idea: Use a script to grab authenticated IP addresses from the log files of the POP3 and IMAP4 daemons. These are used to create files in the directory tree /var/db/popb4smtp. The existence of a file represents a valid popped recently token for the IP address used as the filename. Another script periodically removes stale files from the tree (after two hours). There's a small race condition here; it's possible for a file to be deleted just after it has been updated by the script that watches the logs. For low-volume servers, the odds of hitting this window are low. A POPB4SMTP_CLIENT macro in the Exim configure file provides a reusable has this sender popped recently? > query:
POPB4SMTP_SUBDIR = /var/db/popb4smtp/${substr_-1_1:$sender_host_address}
POPB4SMTP_CLIENT = ${if exists {POPB4SMTP_SUBDIR/$sender_host_address} \
{$sender_host_address} {0} }
Now you can use it just about anywhere, including in your ACLs. Simple examples include:
hostlist relay_hosts = 127.0.0.1/32 : ... : POPB4SMTP_CLIENT
host_lookup = !127.0.0.1/32 : ... : !POPB4SMTP_CLIENT
rfc1413_hosts = !127.0.0.1/32 : ... : !POPB4SMTP_CLIENT
The two scripts (and a FreeBSD startup script for them) are available for download at: