RE: [Exim] question about ACL

Pàgina inicial
Delete this message
Reply to this message
Autor: Liu Shuai
Data:  
A: Hunte Swee, exim-users
Assumpte: RE: [Exim] question about ACL
Uh-oh...
I guess I should read some more about SMTP protocol.

Yes, I am a Chinese.
LS

-----Original Message-----
From: Hunte Swee [mailto:hunte@tplife.com]
Sent: Friday, December 12, 2003 1:06 AM
To: Liu Shuai; exim-users@???
Subject: Re: [Exim] question about ACL


The question is so interesting.

You do expect mail from the internet, but dont't allow user to send email
outside of your lan, so? If yes, I think you can't accomplish this. Why? As
you wish, a connection should be established from internet, outsise of your
LAN, bu exim, your MTA couldn't distingish the connection was made by
another MTA or your user outsize of your LAN. At this point, it is
impossible.

Is it right?

P.S.: Your name seems a Chinese one. Are you a Chinese?

----- Original Message -----
From: "Liu Shuai" <shuai@???>
To: <exim-users@???>
Sent: Friday, December 12, 2003 11:34 AM
Subject: RE: [Exim] question about ACL


> Thank you for the response.
>
> >> I am trying to set up exim so that it only allow SMTP connections from
> >> certain IPs. Say, I
> >> want to serve only smtp requests sent from 12.34.56.* and 23.45.67.*
>
> >So you do not expect mail from the internet?
>
> Sorry if I didn't make it clearer.
>
> Yes, I do expect mail from the internet, but I don't want users to be able
> to use the SMTP server to send e-mail if they are outside of my local
> network(s), even if they have local e-mail accounts.
>
> For example, a user can only send e-mail through the server if his request
> is from IP
> within 12.34.56.1 - 12.34.56.255 or 23.45.67.1 - 23.45.67.255.
>
> I realize that I can disable connection at firewall level, but I suppose
> that I can do it from Exim as well?
>
> > I changed the accept hosts line in the following section
> >
> > #!!# ACL that is used after the RCPT command
> > check_recipient:
> > # Exim 3 had no checking on -bs messages, so for compatibility
> > # we accept if the source is local SMTP (i.e. not over TCP/IP).
> > # We do this by testing for an empty sending host field.
> > accept hosts = :
> >
> > to be
> > accept  hosts = 12.34.56.*
> >         hosts = 23.45.67.*
> >         endpass

>
> >This is impossible. try:
> >hosts = 12.34.56.0/24 : 23.45.67.0/24
> What does the line above do? In particular, what the semantics of "/"

here?
>
> Thank you for your time.
>
> LS
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim

details at http://www.exim.org/ ##
>
>
>