Re: [EXIM] I'm confused with anti-spam and relaying options

Pàgina inicial
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
A: Andromeda
CC: exim-users
Assumpte: Re: [EXIM] I'm confused with anti-spam and relaying options
On Tue, 6 Oct 1998, Andromeda wrote:

> This means I cannot use restrictions based on IPs or domains. I am
> wondering whether anyone is willing to give me pointers on how to do the
> below using rules.


Here are some comments; I hope they help.

> Sender: The actual From: field
> Recipient: Any of the local parts in To:/CC:/BCC:


Are you sure? Delivery of mail is done using the "envelope" fields,
which are entirely separate from the From: and To: header contents. If
you receive a message containing

To: andromeda@???, ph10@???, exim-users@???

you surely aren't interested in the second and third addresses, are
you?. After all, the envelope will contain only your address.

> Incoming:
>
> 1. Incoming mail is checked for standard RBL.
> 2. If the sender is not RBL'ed, check it against a local domain set (I've
> seen some examples, but I'm not sure how to implement it) and kill it with
> 5xx error code.


There's confusion here. The RBL checks *hosts*, not domains. I presume
what you mean is if the host is acceptable, you want to do checks on the
sender address. Exim can do this (for the envelope sender) by what it
calls "verification", enabled by setting sender_verify. If you make all
your domains local in the Exim sense (checked by local_domains) then
verification runs the address through the directors. You can use various
options such as verify_only to arrange to use different ones for
verification than for delivery if you want to. For non-local domains,
the routers are used; you could perhaps do something that way if you
wanted.

> 3. If the sender is not local (using the "domains" and "$domain-aliases"
> files), but the recipient is not of any of the local recipients either
> (using the "domains" and "$domain-aliases" files), reject with a 5xx code.
> 4. If sender passes all tests, and recipients pass all tests, then deliver
> locally.


Er, doesn't this just amount to a normal delivery of known local
recipients? Setting receiver_verify checks validity at SMTP time.

> Outgoing:
>
> 1. Check if the sender is a legit local user (using the "domains" and
> "$domain-aliases" files). If so, send the email.
> 2. If the sender is not local, but the recipient is not of any of the local
> recipients either, reject with a 500 code (I don't even want the system to
> retry).
>
> I believe the above would be easy to implement, but I have NO clue how...
> I'd appreciate some help on how to do this. I guess I'll figure out more
> customized checking on my own.


The real problem is determining what is meant by "incoming" and
"outgoing". The only possible definition of "outgoing" that gives an
answer *before* checking the sender is "comes from certain IP
addresses", but you have said you don't want to do that.

If you want to be able to relay any message from certain senders at any
IP address, you can set

sender_address_relay = patterns to match valid addresses
relay_match_host_or_sender



-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.



--
*** Exim information can be found at http://www.exim.org/ ***