Re: [Exim] Backup MX ACL

Top Page
Delete this message
Reply to this message
Author: Vincent Sweeney
Date:  
To: exim-users
Subject: Re: [Exim] Backup MX ACL
James P. Roberts wrote:
>
> Right. Anyone could try making me their MX, but it won't work unless I host their domain. That is, if they aren't specifically
> listed in an appropriate ACL, Exim rejects any such mail, so it does them no good. In fact, it would be less effective as a DoS
> attack than sending mail directly to my real address(es), because it would be bounced at SMTP time, instead of cluttering up my
> inbox(es).
>
> I think, so long as you write the ACL much like the local_domains-related ACL, (i.e. reject mail to any domain you are not accepting
> responsibility for as a secondary), you should not have a problem.
>
> Jim Roberts
> Punster Productions, Inc.


Well actually it *would* be in an ACL since the mail will be currently
accepted by the rule thats says "accept any mail I'm primary or backup
for" ie @mx_all. I was looking to have more control by having seperate
ACL's for @mx_primary and @mx_secondary but since it does not look like
I can lock down the destination host to an ip range I will have to
continue accepting mail for any domain that puts my server(s) in their
MX records.

Yes this may not be a serious abuse, DoS or whatever you want to call it
but it's definetely a "feature" I'd like to disable!

Vince.