Re: [Exim] disabling a system user

Author: JupiterHost.Net
Date:  
To: Greg Folkert
CC: EximUser List
Subject: Re: [Exim] disabling a system user
[snip]

> From the default exim conf:
>
>         # This access control list is used to determine whitelisted
>         # senders and hosts. It checks for CONFDIR/local_host_whitelist
>         # and # CONFDIR/local_sender_whitelist.
>         #
>         # It is meant to be used from some other acl entry.
>         #
>         # For example,
>         # deny message = local blacklist example
>         #      !acl = acl_whitelist
>         #      dnslist = some.dns.list.example
>         # will allow messages with envelope sender listed in
>         # local_sender_whitelist or messages coming in from hosts listed
>         # in local_host_whitelist to be accepted even if the delivering
>         # host is listed in the dns list.
>         #
>         # Whitelisting can also be configured by including negative
>         # items in the black list. See
>         # /usr/share/doc/exim4-config/default_acl for details.
>         #
>         # If the files do not exist, the white list never matches, which
>         # is the desired behaviour.

>
> and from /usr/share/doc/exim4-config/default_acl
>
>         Access Control in the default configuration
>         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         The Debian exim 4 package comes with a default configuration
>         that allows flexible access control and blacklisting of sites
>         and hosts. The acls involved can be found in
>         /etc/exim4/conf.d/acl with the file names
>         20_exim4-config_whitelist_local_deny and
>         30_exim4-config_check_rcpt, thus all rejections of messages due
>         to this mechanism happen at RCPT time. Local configuration of
>         the mechanisms happen through data files in /etc/exim4, so there
>         is normally no need to change the files in the acl subdirectory.

>
>         /etc/exim4/local_sender_blacklist contains a list of envelope
>         senders whose messages will be denied with the error message
>         "locally blacklisted".  This is a full exim 4 address list, and
>         all available features can be used. This includes negative
>         items, and so it is possible to exclude addresses from being
>         blacklisted. For convenience, as an additional method to
>         whitelist addresses from being blocked, an explicit whitelist is
>         read in from /etc/exim4/local_sender_whitelist. Entries in the
>         whitelist override corresponding blacklist entries.

>
>         In the blacklist, the trick is to read a line break as "or" if
>         it follows a positive item, and as "and" if it follows a
>         negative item.

>
>         For example, a /etc/exim4/local_sender_blacklist

>
>         domain1.example
>         !local@???
>         domain2.example
>         domain3.example

>
>         Exim just evaluates left to right (or up-down in the file
>         listing context), so you don't get the same kind of operator
>         binding as in a programming language.

>
>         /etc/exim4/local_host_blacklist contains a list of IP addresses,
>         networks and host names whose messages will be denied with the
>         error message "locally blacklisted". This is a full exim 4 host
>         list. Again, negative items can be used here, and there is also
>         an explicit whitelist read in from
>         /etc/exim4/local_host_whitelist, and whitelist entries override
>         blacklistings.

>
>         The example access list shipped in
>         /usr/share/doc/exim4-config/examples/acl/30_exim4-config_example_check_rcpt
>         includes a bunch of dnslists configured to warn and/or deny
>         incoming messages. Some of these lists have a corresponding
>         whitelist, read in from /etc/exim4/local_$DNSLISTNAME_whitelist
>         which allows the local administrator to override dnslist entries
>         for domains or IP addresses that should be able to send mail
>         despite the dnslist entry.

>
> If you need more info, please consider looking in spec.txt, as it
> explains all of this. Or get Phillip's book on exim4. I did, never
> regretted it (still don't in fact).


Thanks greg! Excellent info, now I have some things to look into and try out.

I really appreciate it :)


> --
> greg, greg@???
>
> The technology that is
> Stronger, better, faster: Linux
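
Added example (not part of the original messages, and not Debian's or Exim's own code): a simplified Python model of the "first matching line decides" evaluation the quoted documentation describes for /etc/exim4/local_sender_blacklist, with the whitelist override. The function names and all addresses are constructed for illustration; it assumes only plain `domain` and `local@domain` items, caseless comparison, and that a file in which no line matches contributes no match.

```python
# Simplified model of how a sender blacklist file is evaluated line by line.
# Assumptions: only "domain" and "local@domain" items are modelled
# (no wildcards, regexes or lookups); comparison is caseless.

def item_matches(pattern, address):
    """Compare one positive pattern with a sender address."""
    local, _, domain = address.lower().rpartition("@")
    pattern = pattern.lower()
    if "@" in pattern:
        p_local, _, p_domain = pattern.rpartition("@")
        return (local, domain) == (p_local, p_domain)
    return domain == pattern  # no "@": compared with the domain part only


def list_matches(lines, address):
    """Scan top to bottom; the first line that matches decides the result."""
    for raw in lines:
        item = raw.strip()
        if not item or item.startswith("#"):
            continue
        negative = item.startswith("!")
        if item_matches(item.lstrip("!").strip(), address):
            return not negative  # a matching negative item means "not listed"
    return False  # assumption: no line matched, so the file does not match


def is_denied(blacklist, whitelist, address):
    """Whitelist entries override corresponding blacklist entries."""
    return list_matches(blacklist, address) and not list_matches(whitelist, address)


# Constructed sample data (not taken from the thread).
BLACKLIST = ["spam.example", "!boss@partner.example", "partner.example"]
# Same exception placed after the domain it is meant to carve out of:
MISORDERED = ["partner.example", "!boss@partner.example"]
WHITELIST = ["friend@spam.example"]

if __name__ == "__main__":
    for sender in ("x@spam.example", "boss@partner.example",
                   "joe@partner.example", "friend@spam.example"):
        print(sender, "denied" if is_denied(BLACKLIST, WHITELIST, sender) else "accepted")
    # The misordered list still blocks the intended exception:
    print("boss@partner.example", list_matches(MISORDERED, "boss@partner.example"))
```

In the misordered list the negative item is never reached, because the domain line above it has already matched; the exception has to come before the entry it carves out of.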