RE: [exim] Do not accept messages to <someuser@myname.compan…

Author: Giuliano Gavazzi
Date:  
To: Hochstrasser Benedikt, exim-users
CC: 
Subject: RE: [exim] Do not accept messages to <someuser@myname.company.org>
At 12:29 am +0100 2004/11/05, Hochstrasser Benedikt wrote:
>Giuliano Gavazzi wrote:
>
>> yes, but the acl above is incomplete. It should also say:
>>
>> domains = +relay_to_domains
>>
>> so that if it is not an address in a domain you relay to, it
>> goes to the final deny catch-all.
>
>What happens to outbound mail then? Plus, I allow relay from
>authenticated hosts...
>


Are you asking: what happens to outbound mail that is unroutable?
That is usually dealt with in either of two ways:

1) everything is accepted from trusted hosts or authenticated users.
Bounces are generated for undeliverable messages. (If you do not
trust your users though you should make sure they do not forge the
sender, as discussed in another thread today).

2) the routing for every message, except obviously local messages but
you have none, is checked. If you do not relay from any host, but
only from authenticated senders, you can single them out in an acl
where you verify the recipient routing. You will still get the
temporary error if they try to send to the FQDN of the mailhost.
There is a solution though:

dnslookup:
  driver = dnslookup
  domains = !myhostname.company.org
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 169.254.0.0/16 : 192.168.0.0/16
  no_more

and if someone adds an MX to your host for his rogue domain, you can still do:

dnslookup:
  driver = dnslookup
  domains = !myhostname.company.org
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : [...] : your.server.ip <<< this should do it
  no_more

both untested!...

Giuliano
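
Added example (not part of the original message, and not Exim code): a small Python model of what ignore_target_hosts does in the two routers above, run over constructed DNS answers. It assumes the documented behaviour that ignored addresses are treated as nonexistent and that the router declines when none remain; the route() helper, the sample host names and the 203.0.113.25 stand-in for your.server.ip are hypothetical.

```python
import ipaddress

# ignore_target_hosts list copied from the first router in the message.
IGNORE = ["0.0.0.0", "127.0.0.0/8", "169.254.0.0/16", "192.168.0.0/16"]
# Constructed stand-in for "your.server.ip" (documentation address range).
OWN_IP = "203.0.113.25"


def route(mx_hosts, ignore, no_more=True):
    """Simplified model of a dnslookup router with ignore_target_hosts.

    mx_hosts maps each MX host name to the addresses DNS returned for it
    (constructed input, no lookups are made). Addresses matching the ignore
    list are dropped as if they did not exist. If nothing is left the router
    declines; with no_more set no later router runs, so routing fails.
    """
    nets = [ipaddress.ip_network(item) for item in ignore]
    usable = {}
    for host, addrs in mx_hosts.items():
        kept = [a for a in addrs
                if not any(ipaddress.ip_address(a) in n for n in nets)]
        if kept:
            usable[host] = kept
    if usable:
        return "accept", usable
    return ("fail" if no_more else "decline"), {}


# Constructed DNS answers: MX host name -> A records.
ROGUE_LOOPBACK = {"mail.rogue.example": ["127.0.0.1"]}
ROGUE_AT_US = {"mx.rogue2.example": [OWN_IP]}  # rogue MX pointing at our host
MIXED = {"mx1.good.example": ["192.168.1.5"],
         "mx2.good.example": ["198.51.100.10"]}

if __name__ == "__main__":
    cases = [("loopback MX", ROGUE_LOOPBACK),
             ("MX at our own IP", ROGUE_AT_US),
             ("mixed MX set", MIXED)]
    for label, hosts in cases:
        print(label)
        print("  first router :", route(hosts, IGNORE))
        print("  second router:", route(hosts, IGNORE + [OWN_IP]))
```

On a live system the same question is answered by Exim's address test mode, exim -bt <address>.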