Re: [Exim] Help with expansion variables

Top Page
Delete this message
Reply to this message
Author: Giuliano Gavazzi
Date:  
To: Tony Earnshaw, exim-users
Subject: Re: [Exim] Help with expansion variables
At 14:37 +0100 2003/01/19, Tony Earnshaw wrote:
>søn, 2003-01-19 kl. 12:49 skrev Tony Earnshaw:
>
>> I notice that in the debug info the condition variables aren't expanded.
>> If I leave the $ sign out before "${if", they get expanded, but this
>> breaks the filter, which I'd expect. I have many more of this sort of
>> thing for ldap, AUTH etc.
>
>Well, now the variables get expanded. Even more diligent searching
>through the postings, and I realized Exim hadn't been told *who* to deny
>(I already have another +denysenders ACL).
>
>So now:
>
>deny senders = :
>      condition = ${if and { \
>      {!eq {$sender_address_domain}{$domain}} \
>      {eq {$sender_address_local_part}{*@$domain}} \
>      } \
>      {true}{false} \
>      }

>


why are you checking the local part? Unless I misunderstand your
requirement, this is all you need to deny pretended local senders
from remote connections (I actually deny this from any connection
that has not been authenticated):

# deny if sender pretends to be in local domain and connection not
authenticated
deny    sender_domains    = +local_domains
    message    = forged sender in local domain.
      log_message    = preposterous_senders: forged sender in local domain


you will clearly have to put this after the accept rule that allows
you users to send email..

Also, this will stop any emails a local user sent to a remote account
that in turn get redirected to another local user.

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/