Re: [EXIM] Controlling local access to SMTP

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Nigel R. Armfield
CC: exim-users
Subject: Re: [EXIM] Controlling local access to SMTP
On Tue, 16 Dec 1997, Nigel R. Armfield wrote:

> Ideally, what I want is as follows:
>
> Accept all inbound (ie. from off campus).
>
> Accept connections on campus only from those who I have
> specifically allowed, and reject all others.


Hmm. The accept/reject interaction is precisely the wrong way round for
you, and negative regular expressions are a right pain, so it is hard to
express "not *.lmu.ac.uk" as a regular expression. I cannot see an easy
way to do this.

Messy way 1:

sender_host_accept = "\
^.*([^k]|[^u]k|[^.]uk|[^c]\\.uk|[^a]c\\.uk|[^.]ac\\.uk|[^u]\\.ac\\.uk|\
[^m]u\\.ac\\.uk|[^l]mu\\.ac\\.uk|[^.]lmu\\.ac\\.uk)$"

should, if I have got it right, accept from any host whose name does
*not* end in lmu.ac.uk. However, it will require a reverse DNS lookup
for each host, which can be expensive. You need to add to that a list of
those on-campus that you like.

Messy way 2:

sender_host_reject = dbm;/some/file

where you place in the file a list of the on-campus hosts that you do
not like. Problem: you have to keep it up-to-date. A net list could do
the same job, but if there are lot of hosts it might be slower because
it is searched serially, unless you can clump them into blocks by using
the net mask facilities. This would be a more efficient way.

-- 
Philip Hazel                   University Computing Service,
ph10@???             New Museums Site, Cambridge CB2 3QG,
P.Hazel@???          England.  Phone: +44 1223 334714



--
*** Exim information can be found at http://www.exim.org/ ***