Re: Prevention of realying offsite.

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Alan Thew
CC: Exim List
Subject: Re: Prevention of realying offsite.
On Wed, 14 May 1997, Alan Thew wrote:

> I thought I had this right and had set the following
>
> sender_net_accept_relay = "138.253.0.0/255.255.0.0:\
>     ....
>     ....

>
> (included our Class C nets).
>
> I may have done something stupid with the netmasks but my (apparently)
> wrong understanding was that RCPT TO:<> containing addresses in the
> specified nets would be allowed but others would not.


No, you have misunderstood; sender_net_accept_relay specifies nets from
which relaying to *any* address is permitted. The option which specifies
which domains you will relay to from any host is relay_domains.

> I'm trying to stop relaying where mail from:<> and rcpt to:<> are both
> offsite.


Set sender_net_accept_relay to your local nets. That allows hosts on
your local nets to relay to anywhere.

Set relay_domains to any domains other than those in local_domains that
are on your site. That will allow all hosts on the Internet to relay to
those domains.

Hosts that do not match sender_net_accept_relay will then not be able to
relay to domains that are not in relay_domains (or to your
local_domains, of course).


-- 
Philip Hazel                   University Computing Service,
ph10@???             New Museums Site, Cambridge CB2 3QG,
P.Hazel@???          England.  Phone: +44 1223 334714