RE: [Exim] Acl question

Top Page
Delete this message
Reply to this message
Author: Timothy Arnold
Date:  
To: 'Nico Erfurth', Timothy Arnold
CC: 'Exim-Users (E-mail)'
Subject: RE: [Exim] Acl question
Here is the Acl - it is bog standard except for hosts allow.

acl_check_rcpt:

# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.

accept hosts = 127.0.0.1 : 193.63.51.46

# Deny if the local part contains @ or % or / or | or !. These are rarely
# found in genuine local parts, but are often tried by people looking to
# circumvent relaying restrictions.

# Also deny if the local part starts with a dot. Empty components aren't
# strictly legal in RFC 2822, but Exim allows them because this is common.
# However, actually starting with a dot may cause trouble if the local
part
# is used as a file name (e.g. for a mailing list).

  deny    local_parts   = ^.*[@%!/|] : ^\\.


# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.

  accept  local_parts   = postmaster
          domains       = +local_domains


# Deny unless the sender address can be verified.

  require verify        = sender



############################################################################
#
  # There are no checks on DNS "black" lists because the domains that
contain
  # these lists are changing all the time. However, here are two examples of
  # how you could get Exim to perform a DNS black list lookup at this point.
  # The first one denies, while the second just warns.
  #
  # deny    message       = rejected because $sender_host_address is in a
black
list at $dnslist_domain\n$dnslist_text
  #         dnslists      = black.list.example
  #
  # warn    message       = X-Warning: $sender_host_address is in a black
list a
t $dnslist_domain
  #         log_message   = found in $dnslist_domain
  #         dnslists      = black.list.example


############################################################################
#

# Accept if the address is in a local domain, but only if the recipient
can
# be verified. Otherwise deny. The "endpass" line is the border between
# passing on to the next ACL statement (if tests above it fail) or denying
# access (if tests below it fail).

  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient


# Accept if the address is in a domain for which we are relaying, but
again,
# only if the recipient can be verified.

  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient


# If control reaches this point, the domain is neither in +local_domains
# nor in +relay_to_domains.

# Accept if the message comes from one of the hosts for which we are an
# outgoing relay. Recipient verification is omitted here, because in many
# cases the clients are dumb MUAs that don't cope well with SMTP error
# responses. If you are actually relaying out from MTAs, you should
probably
# add recipient verification here.

  accept  hosts         = +relay_from_hosts


# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted.

accept authenticated = *

# Reaching the end of the ACL causes a "deny", but we might as well give
# an explicit message.

  deny    message       = relay not permitted


-----Original Message-----
From: Nico Erfurth [mailto:masta@perlgolf.de]
Sent: 23 January 2003 11:49
To: Timothy Arnold
Cc: 'Exim-Users (E-mail)'
Subject: Re: [Exim] Acl question


Timothy Arnold wrote:
> Sorry - I should have said more. With the below ACL it still allows
> anyone to send to the server. Is this the right place to put it in
> ACL?


Maybe you should show your complete ACL? Sorry, but I don't have access
to your server, so I can't check it myself ;)

> Is my mail sending fixed? Damn Outlook (feel free to recommend
> something else!).


Looks better now. I prefer Mozilla and pine myself.

Nico


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************