Re: [Exim] Making sure authenticated SMTP always bypasses ac…

Top Page
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [Exim] Making sure authenticated SMTP always bypasses acl?
On Wed, Jan 21, 2004 at 11:01:13AM +0100, Jan Johansson wrote:
> > Yes,



> > No, that should be enough. However imho "acls are always bypassed" is
> > not something I would do, I would still at least try to verify the
> > recipient.


> Yeah, I know. But I am not sure how to do that, I mean, sure limit to
> domain or sender, but that can also be faked.


No, that was not what I was intending to convey, I meant "verify
recipient" in the meaning used in exim's ACL, that is checking whether
we are able to deliver mail to the address given as recipient at all.
Otherwise you need to (unnecessarily) generate a bounce which might be
undeliverable (because you did not verify the sender either).

For examle you would no want to accept mail from foo@???
sent to hjhj@??? as you cannot handle it.

> So, any tips on how to verify a roadwarrior that might very well
> show up from any IP whatsoever?


  accept  authenticated = *
          endpass
          message       = unrouteable address given as recipient
          verify        = recipient
          message       = unrouteable address given as sender
          verify        = sender


Untested.
               cu andreas


--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"