Hi,
I run an SMTP relay for several domains under exim 4.20. Everything works
great regarding policy control against relay, except for one case. For
example, the relay_domains the SMTP server runs is foo.com, and if I
telnet to the SMTP server from the Internet (not from my local network), via a public
IP address, I could send mail to some_address@??? with a MAIL
FROM:some_address@???
That's my problem, because anyone from the Internet could fake one of our
addresses to send an email to another userid in our domains. How could we
block this action?
Action: Do not accept mail from some_address@??? to
some_address@??? except from our local_network hosts.
According to the Docs/FAQ, the condition accept hosts = +relay_from_hosts
seems to apply only if the domains to send to are not listed in
local_domains or relay_domains.
I would like to use the same condition in the case where MAIL FROM and RCPT TO
are both some_address@???
Here is my ACL conf:
-------------------------
domainlist local_domains = @
domainlist relay_to_domains = /etc/relay_to_domains
hostlist relay_from_hosts = /etc/relay_from_hosts

acl_smtp_rcpt = acl_check_rcpt

acl_check_rcpt:

  accept  hosts         = :

  deny    local_parts   = ^.*[@%!/|] : ^\\. :

  accept  local_parts   = postmaster
          domains       = +local_domains

  require verify        = sender

  deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
          dnslists      = ordb.org

  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient

  accept  hosts         = +relay_from_hosts

  accept  authenticated = *

  deny    message       = relay not permitted

# The routers section :

dnslookup:
  driver = dnslookup
  domains = ! +relay_to_domains
  transport = remote_smtp_filter
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

send_to_mail_server:
  driver = manualroute
  transport = remote_smtp
  domains = +relay_to_domains
  route_data = ${lookup{$domain}lsearch{/etc/route-domains}}

filter_remote:
  driver = dnslookup
  transport = remote_smtp_filter
  condition = ${lookup{$sender_address_domain}lsearch{/etc/relay_to_domains} {1}{0}}
-------------------------
Thanks for your support.
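
One way to express the restriction asked for above, as an added example that is not part of the original message: a deny statement for acl_check_rcpt that rejects an envelope sender in the site's own domains unless the client is in relay_from_hosts or has authenticated. It reuses the lists defined in the posted configuration; the message text is constructed, and it assumes every legitimate sender in these domains submits mail from relay_from_hosts or over an authenticated session.

```exim
# Added example, not from the original post.
# Place in acl_check_rcpt directly after "require verify = sender", so it is
# evaluated before the "accept domains = +local_domains" and
# "accept domains = +relay_to_domains" statements that currently let the
# forged message through.
#
# All conditions must be true for the deny to trigger:
#   - the MAIL FROM domain is one of our own domains
#   - the client is NOT one of our relay_from_hosts
#   - the client has NOT authenticated
#
# Assumption: no outside system legitimately sends with our domains in the
# envelope sender. Forwarders and mailing lists that keep the original
# envelope sender will also be rejected by this statement.
  deny    message        = sender domain $sender_address_domain not permitted from $sender_host_address
          sender_domains = +local_domains : +relay_to_domains
          !hosts         = +relay_from_hosts
          !authenticated = *
```

The existing "accept hosts = :" statement at the top of the ACL still accepts local non-SMTP submissions first, and bounce messages with an empty envelope sender do not match sender_domains, so neither is affected.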