Re: [Exim] ACLs

Top Page
Delete this message
Reply to this message
Author: Fernando Sanchez
Date:  
To: Dirk Koopman
CC: exim-users
Subject: Re: [Exim] ACLs
Dirk Koopman wrote:
> I seem to have got my knickers in a bit of a twist on ACL, can anyone
> help me straighten them out a bit.
>
> I am running Mailman on the box so I want that to be able to post
> unconditionally.
>
> I would like sender and receiver to be verified on incoming stuff,


I just went over that, what you need to do is to add in ur acl_rcpt
(exim 4.20 is my version, for 3.x you will have to check if works):

accept require verify = sender/callout=30s,defer_ok

This makes exim to verify that the sender is a valid user on the remote
system, although, this gives problems with some broken MTAs which give
you a 5xx error when testing an address with an empty sender. You can do
similar thing for the recipient to check if is valide before the message
is accepted, so you don't need to generate a bounce.

> however, I don't want a load of bounce messages for the spam that probes
> non-local addresses.
>
> I have a load of domains that I relay for (together with a few hosts).
> This is manifestly wrong, but I don't seem to have the brain power or
> understanding to fix it.
>
> check_recipient:
> accept hosts = :127.0.0.0/8
> require verify = sender

verify = sender just checks that the sender domain is a valid domain, or
that you can email anything to that server. It does NOT check for the
user on the remote syste, you need a callout for that.

>   deny    message = unrouteable address
>           !verify = recipient
>   accept  domains = +local_domains
>   deny    message = unrouteable address
>           verify = recipient
>   accept  domains = +relay_domains
>   accept  hosts = +relay_hosts
>   deny    message = relay not permitted

>
> --
> Please Note: Some Quantum Physics Theories Suggest That When the
> Consumer Is Not Directly Observing This Product, It May Cease to
> Exist or Will Exist Only in a Vague and Undetermined State.
>
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
>
>



--


Fernando Sanchez
Dpto. Sistemas USFQ