Re: [Exim] question about ACL

Author: Wakko Warner
Date:  
To: Liu Shuai
CC: exim-users
Subject: Re: [Exim] question about ACL
> >> I am trying to set up exim so that it only allow SMTP connections from
> >> certain IPs. Say, I
> >> want to serve only smtp requests sent from 12.34.56.* and 23.45.67.*
>
> >So you do not expect mail from the internet?
>
> Sorry if I didn't make it clearer.
>
> Yes, I do expect mail from the internet, but I don't want users to be able
> to use the SMTP server to send e-mail if they are outside of my local
> network(s), even if they have local e-mail accounts.
>
> For example, a user can only send e-mail through the server if his request
> is from IP
> within 12.34.56.1 - 12.34.56.255 or 23.45.67.1 - 23.45.67.255.
>
> I realize that I can disable connection at firewall level, but I suppose
> that I can do it from Exim as well?
Unfortunately, exim does not differentiate between your users and other MTAs
on the internet. IIRC, no MTA on the internet does this. If you only
accept for the range you stated above, you will not accept mail from the
internet.

> > accept  hosts = 12.34.56.*
> >         hosts = 23.45.67.*
> >         endpass

>
> >This is impossible. try:
> >hosts = 12.34.56.0/24 : 23.45.67.0/24
> What does the line above do? In particular, what the semantics of "/" here?
This is a netblock. The range of a /24 netblock is .0 to .255;
the 24 is the number of bits in the netblock.
It is equivalent to a netmask of 255.255.255.0 but way easier to type and
less prone to errors (IMO). The highest number (in IPv4) is 32, which means
a single host, but with exim you don't need to use /32 for a single host.

The reason I flattened your acl from 2 host statements to 1 is:
if you use
accept  hosts = 12.34.56.*
    hosts = 23.45.67.*
    ...
It does this:
Is IP in 12.34.56.*? If yes, is IP in 23.45.67.*? If yes ... which is impossible.

My way:
hosts = 12.34.56.0/24 : 23.45.67.0/24

It does this:
Is IP in 12.34.56.0/24 or 23.45.67.0/24? ...

Each condition in an ACL must be true before the accept/deny/etc will work.

--
Lab tests show that use of micro$oft causes cancer in lab animals
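The AND-versus-OR point made in the reply above, modelled as a small Python program. This is an added illustration, not part of the thread and not Exim's own code: it re-implements only the two rules the reply states (items in one `hosts =` list are ORed, separate conditions in one ACL statement are ANDed) using the standard `ipaddress` module, and the sender IPs are constructed test values.

```python
import ipaddress


def parse_host_list(value: str) -> list:
    """Parse an Exim-style colon-separated host list into IPv4 networks.

    Accepts CIDR items ("12.34.56.0/24") and bare addresses ("12.34.56.7"),
    which, as the reply notes, need no explicit /32.
    """
    nets = []
    for item in value.split(":"):
        item = item.strip()
        if not item:
            continue
        cidr = item if "/" in item else f"{item}/32"
        nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets


def hosts_matches(value: str, sender_ip: str) -> bool:
    """One `hosts =` condition: true if the IP is in ANY item of its list (OR)."""
    ip = ipaddress.ip_address(sender_ip)
    return any(ip in net for net in parse_host_list(value))


def acl_statement_matches(conditions: list, sender_ip: str) -> bool:
    """One ACL statement (accept/deny/...): fires only if ALL conditions are true (AND)."""
    return all(hosts_matches(v, sender_ip) for v in conditions)


def describe_netblock(cidr: str) -> dict:
    """Expand a CIDR netblock into the first/last address, netmask and size."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {"first": str(net[0]), "last": str(net[-1]),
            "netmask": str(net.netmask), "size": net.num_addresses}


# The two formulations from the thread: two `hosts =` lines in one statement
# (ANDed, so no address can satisfy both) versus a single two-item list (ORed).
TWO_HOSTS_LINES = ["12.34.56.0/24", "23.45.67.0/24"]
ONE_HOSTS_LINE = ["12.34.56.0/24 : 23.45.67.0/24"]

if __name__ == "__main__":
    # Constructed sender IPs: one in each block, one outside both.
    for ip in ("12.34.56.7", "23.45.67.200", "98.76.54.3"):
        print(ip, "two-lines:", acl_statement_matches(TWO_HOSTS_LINES, ip),
              "one-list:", acl_statement_matches(ONE_HOSTS_LINE, ip))
    print(describe_netblock("12.34.56.0/24"))
```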