Re: relay prevention

Page principale
Supprimer ce message
Répondre à ce message
Auteur: John Henders
Date:  
À: exim-users
Sujet: Re: relay prevention
On Mar 28, Brian Reichert <reichert@???> wrote:
>
> What I want to do:
>
> a) If the sending host is within our domain, accept.
>


Two ways to go here. You can use sender_net_accept_relay and list all
the network's you will accept relay mail from, which should be really
easy if all your networks are in a block. Or, you can list all your
hosts and domains in a list to sender_host_accept_relay.

> b) If the sending host is without our domain, and the recipient is
>    within our domain, accept.


See relay_domains

>
> Conversely: if neither the sending host, nor the recipient, is
> within our domain, reject.
>
> I'm just not wrapping my brain around this issue right... :(
>
> Any pointers, please let me know. I've looked through the Hypermailed
> archives, so if you see a meaningful posting there, point me to
> it.


Try reading section 45.3 in the spec.txt.

Here's an example off the top of my head. Not tested.

If I have terminal servers and hosts on 205.23.23.0 that I want to
accept relay mail for, and my domain is mydomain.com, and I also virtual
host somedomain.com, then the following should work.

sender_host_reject_relay = *
sender_net_accept_relay = "205.23.23.0/255.255.255.0"
relay_domains = "mydomain.com:somedomain.com"

At least that's what my reading suggests should be done. I haven't
implemented this yet because we have so many virtual domains and
networks we have to handle mail to and from that it's going to be a huge
job making sure something doesn't break. If you are using exim's virtual
domain driver, you can probably use the same file you're searching for
virtual domains as one of the arguments to the relay_domains list.

It would be nice if the net* commands took the more modern /24 argument.


-- 
      Artificial Intelligence stands no chance against Natural Stupidity.
                GAT d- -p+(--) c++++ l++ u++ t- m--- W--- !v
                     b+++ e* s-/+ n-(?) h++ f+g+ w+++ y*