[Exim] ACL : need help on a relay

Author: Tony OGER
Date:  
To: exim-users
Subject: [Exim] ACL : need help on a relay
Hi,

I run an SMTP relay for several domains under Exim 4.20. Everything works
great regarding policy control against relay, except for one case. For
example, the relay_domains the SMTP server runs is foo.com, and if I
telnet to the SMTP server from the internet (not from my local network), but via a public
IP address, I could send mail to some_address@??? with a MAIL
FROM:some_address@???
That's my problem, because anyone from the internet could fake some of our
addresses to send an email to another userid in our domains. How could we
block this action?
Action: Do not accept sending mail from some_address@??? to
some_address@??? except from our local_network hosts.

Regarding the Docs/FAQ, the condition accept hosts = +relay_from_hosts
seems to only apply if the domains to send to are not listed in
local_domains or relay_domains.
I would like to use the same condition in the case where MAIL FROM and RCPT TO
are both some_address@???

Here is my ACL conf :
-------------------------
domainlist local_domains = @
domainlist relay_to_domains = /etc/relay_to_domains
hostlist relay_from_hosts = /etc/relay_from_hosts
acl_smtp_rcpt = acl_check_rcpt

acl_check_rcpt:

    accept hosts = :

    deny local_parts = ^.*[@%!/|] : ^\\. :

    accept local_parts = postmaster
           domains = +local_domains

    require verify = sender

    deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
         dnslists = ordb.org

    accept domains = +local_domains
           endpass
           message = unknown user
           verify = recipient

    accept domains = +relay_to_domains
           endpass
           message = unrouteable address
           verify = recipient

    accept hosts = +relay_from_hosts

    accept authenticated = *

    deny message = relay not permitted

# The routers section :

dnslookup:
    driver = dnslookup
    domains = ! +relay_to_domains
    transport = remote_smtp_filter
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
    no_more

send_to_mail_server:
    driver = manualroute
    transport = remote_smtp
    domains = +relay_to_domains
    route_data = ${lookup{$domain}lsearch{/etc/route-domains}}

filter_remote:
    driver = dnslookup
    transport = remote_smtp_filter
    condition = ${lookup{$sender_address_domain}lsearch{/etc/relay_to_domains} {1}{0}}
-------------------------



Thanks for your support.
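
One way to express the restriction asked for above, as an added example that is not part of the original post or of the Exim distribution: a deny statement for acl_check_rcpt that rejects envelope senders in the poster's own domain lists unless the client is in relay_from_hosts or has authenticated. It reuses the list names from the posted configuration; the message text is made up, and it assumes every legitimate sender for these domains submits from a listed host or authenticates.

```exim
# Added example. Place inside acl_check_rcpt, after "accept hosts = :" and
# before the first "accept domains = +local_domains" statement, so that it
# is evaluated before any statement that accepts mail for the local or
# relayed domains.
#
# All three conditions must match for the deny to fire:
#   1. the envelope sender (MAIL FROM) is in one of our own domains,
#   2. the connecting host is not one of our own hosts,
#   3. the client did not authenticate.
# Assumption: users sending from outside the local network use SMTP AUTH.

    deny message = sender domain $sender_address_domain may only be used from our hosts or after authentication
         sender_domains = +local_domains : +relay_to_domains
         !hosts = +relay_from_hosts
         !authenticated = *
```

This checks only the envelope sender, not the From: header, so a forged header with a foreign envelope sender still passes. It also rejects mail that legitimately arrives from outside with one of these domains as envelope sender, such as messages redirected by an external forwarding service that keeps the original MAIL FROM.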