At 14:37 +0100 2003/01/19, Tony Earnshaw wrote:
>søn, 2003-01-19 kl. 12:49 skrev Tony Earnshaw:
>
>> I notice that in the debug info the condition variables aren't expanded.
>> If I leave the $ sign out before "${if", they get expanded, but this
>> breaks the filter, which I'd expect. I have many more of this sort of
>> thing for ldap, AUTH etc.
>
>Well, now the variables get expanded. Even more diligent searching
>through the postings, and I realized Exim hadn't been told *who* to deny
>(I already have another +denysenders ACL).
>
>So now:
>
>deny senders = :
> condition = ${if and { \
> {!eq {$sender_address_domain}{$domain}} \
> {eq {$sender_address_local_part}{*@$domain}} \
> } \
> {true}{false} \
> }
>
why are you checking the local part? Unless I misunderstand your
requirement, this is all you need to deny pretended local senders
from remote connections (I actually deny this from any connection
that has not been authenticated):
# deny if sender pretends to be in local domain and connection not
authenticated
deny sender_domains = +local_domains
message = forged sender in local domain.
log_message = preposterous_senders: forged sender in local domain
you will clearly have to put this after the accept rule that allows
you users to send email..
Also, this will stop any emails a local user sent to a remote account
that in turn get redirected to another local user.
Giuliano
--
H U M P H
|| |||
software
Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
