Re: [Exim] ACL : need help on a relay

Top Page
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [Exim] ACL : need help on a relay
On Wed, Nov 05, 2003 at 10:38:57PM +0100, Tony OGER wrote:
> I run SMTP relay for several domains under exim 4.20 , everything works
> great regarding policy control against relay, except for one case. Indeed,
> for example the relay_domains the smtp server runs is foo.com, and if i
> telnet the smtp from internet (not from my local network), but via an public
> IP address, i could send mail to some_address@??? with a MAIL
> FROM:some_address@???


Lets assume there is exec@??? and secretary@???. Now
exec@??? goes to a business conference in Las Vegas and sends a
summary to secretary@???. Do you want to reject this mail?

Or if there is bob@??? that only recently was employed at
foo.com and got his bob@??? address. Now he forwards all mail from
bob@??? to bob@???. exec@??? sends mail to
bob@???. - Do you want to reject this mail?

> That's my problem, because, anyone from internet could fake some of our
> address to send an email to another userid in our domains. How could we
> block this action ?
> Action : Do not accept to send mail from some_address@??? to
> some_address@??? except from our local_network hosts.


in the rcpt acl:
deny domains=foo.com
     sender_domains=devoteam.com
     hosts = !+relay_from_hosts


Straightforward. Where is the problem?
               cu andreas