Edit: the actual problem was that the client did not even attempt to authenticate, because the exim server did not advertise ESMTP.
Original post:
Why can’t authenticated users send e-mail?
They are mostly behind dynamic IP addresses provided by their ISPs, but when trying to send mail the hestia server responds with: Error: RCPT TO: <[email protected]> failed '550:Rejected because 1.2.3.4 is in a black list at zen.spamhaus.org'
Why are the blacklists checked for users authenticated with legitimate smtp accounts on the server? How can I disable this behavior?
They should; indeed, exim doesn’t check DNS block lists when a user has been authenticated:
acl_check_rcpt:
[...]
  accept  hosts         = +relay_from_hosts
          control       = submission
  accept  authenticated = *        <--- this one is accepting all mails if the sender has been authenticated
          control       = submission/domain=
  deny    message       = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
          hosts         = !+whitelist
          dnslists      = ${readfile {/etc/exim4/dnsbl.conf}{:}}
[...]
I’m curious about the mail client you are using. It is the first time I have seen a client not trying to use ESMTP if it is not advertised in the SMTP banner. I think it should be added to the default exim conf, but I'm just curious about the client.
It does have an -ehlo option to force it even when ESMTP is not advertised, but changing this parameter on x servers and y scripts was not really an option for me.
If it works for you, perfect, but adding ESMTP to the SMTP banner (greeting) is not a requirement in RFC 5321. It won’t hurt at all, but as you said, the right way for a mail client to check if the SMTP server supports ESMTP is the use of EHLO.
Just in case, keep in mind that Exim doesn’t advertise AUTH if the connection is not over TLS (directly using port 465 or using STARTTLS on ports 25,587) or if you add the sender ip/domain to auth_advertise_hosts directive.
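
The two conditions raised in this thread (no ESMTP keyword in the greeting, and AUTH offered only after TLS) can be checked from a saved SMTP transcript. The following is an added example, not part of any post above; the hostnames, greeting and EHLO replies are constructed sample data, and the finding names are hypothetical labels.

```python
import re

# Constructed sample transcript lines (not captured from a real server).
GREETING = "220 mail.example.test Hestia"
EHLO_PLAIN = "\n".join([
    "250-mail.example.test Hello client.example.test [192.0.2.10]",
    "250-SIZE 52428800",
    "250-PIPELINING",
    "250-STARTTLS",
    "250 HELP",
])
EHLO_TLS = "\n".join([
    "250-mail.example.test Hello client.example.test [192.0.2.10]",
    "250-SIZE 52428800",
    "250-PIPELINING",
    "250-AUTH PLAIN LOGIN",
    "250 HELP",
])

def banner_has_esmtp(greeting):
    """True if the 220 greeting contains the ESMTP keyword."""
    return re.search(r"\bESMTP\b", greeting, re.I) is not None

def ehlo_extensions(reply):
    """Map each extension keyword in an EHLO reply to its parameter list."""
    exts = {}
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:  # the first 250 line is the server's hello text
        m = re.match(r"250[- ](\S+)(?: (.*))?$", line)
        if m:
            exts[m.group(1).upper()] = (m.group(2) or "").split()
    return exts

def diagnose(greeting, ehlo_plain, ehlo_tls):
    """Return reasons a client might never authenticate to this server."""
    findings = []
    if not banner_has_esmtp(greeting):
        # A client that keys on the banner falls back to HELO and never sees AUTH.
        findings.append("banner-no-esmtp")
    plain, tls = ehlo_extensions(ehlo_plain), ehlo_extensions(ehlo_tls)
    if "AUTH" not in plain and "STARTTLS" in plain:
        findings.append("auth-requires-starttls")
    if "AUTH" not in tls:
        findings.append("auth-not-offered-after-tls")
    return findings

if __name__ == "__main__":
    print(diagnose(GREETING, EHLO_PLAIN, EHLO_TLS))
```

A client that ends up sending unauthenticated falls through the `accept authenticated = *` statement and reaches the `dnslists` check, which is the 550 rejection quoted in the original post.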