Re: [Exim] New multi-user exim4 config

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Suresh Ramasubramanian
日付:  
To: Marc MERLIN
CC: 'Exim-users'
題目: Re: [Exim] New multi-user exim4 config
Marc MERLIN [8/4/2003 6:37 AM] :

> The single hostfile is here:
> http://marc.merlins.org/linux/exim/files/exim4-conf/exim4.conf


much better than the huge mass of files that debian puts in (makes it
look uncomfortably like qmail - lots of files scattered all over a
directory) :)

now just one comment -

> RFC1918=10.0.0.0/8 : 172.16.0.0/12 : 192.168.0.0/16
> # To or from IPs we don't want to handle mail for (localhost/APIPA/test block)
> # Add RFC1918 for an internet only connected system
> BOGUSIPS=127.0.0.1/8 : 169.254.0.0/16 : 192.0.2.0/24 : RFC1918
> #BOGUSIPS=127.0.0.1/8 : 169.254.0.0/16 : 192.0.2.0/24


There's a much longer list actually. You might want to use Rob Thomas'
bogons.cymru.com, originally available as a bgp feed - but also as a
dnsbl - http://www.cymru.com/Bogons/#dns ...

In fact, you should be filtering such IPs at your border routers itself
- no way in hell you are going to see packets from these (RFC1918 IPs,
other bogons) inbound to your MX from outside your network.

Also - do source IP filtering in exim as well (typically on the HELO
string). If someone from outside your network connects direct to your
MX and HELOs as one of your IPs, your hostname, or as one of the domains
you host, then just drop the connection.

    srs