Re: [exim] Better way to write this condition?

Author: Jakob Hirsch
Date:  
To: 'Exim-users'
Subject: Re: [exim] Better way to write this condition?
Troy Engel wrote:

> I have a series of routers that basically protects internal aliases (ie
> 'staff@???') from external email, unless your domain is listed in
> a file (ie personal employee domains). The simple one, for example:


Why in routers? ACLs would probably be more suitable for that.

> This isn't completely bulletproof; what I'd like to do is enhance it to
> use $sender_host_address against $sender_address_domain (to make sure
> they're not faking it, ie setting "From: billybob@???") in some
> fashion - check that IP out for real.


You can use
${if match_domain {$sender_host_name}{*.fluid.com} {1}{0}}

but your DNS must be really fine (e.g. matching forward and reverse
entries) for that.
It would be much better if you knew all networks of eligible senders,
put them into a hostlist and allow them to send to the restricted
addresses (similar to the ACL for relay_from_hosts in the default config).

> Also, the above approach doesn't allow wildcards, I have to list each
> allowed subdomain machine in the domains.trusted; what I'd like is to
> allow *.fluid.com for instance, and somehow still use
> $sender_host_address against $sender_address_domain to verify they
> really are from fluid.com.


I don't really know what you mean here, but partial-lsearch is probably
what you are looking for.
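
The hostlist-plus-ACL approach suggested in the reply above, sketched as an added example that is not part of the original message or of the Exim default configuration. The list name staff_senders and the networks in it are constructed placeholders; the local part staff comes from the question, and local_domains is the domain list from the default configuration.

```exim
# --- main configuration section ---
# Networks of the senders allowed to reach the protected aliases.
# (Constructed sample values from the documentation address ranges.)
hostlist staff_senders = 192.0.2.0/24 : 198.51.100.17

# --- inside the ACL named by acl_smtp_rcpt ---
# Place this before the statements that accept mail for local domains,
# so the restriction is evaluated first. Hosts on the list simply fall
# through to the rest of the ACL and are checked as usual.
  deny    domains       = +local_domains
          local_parts   = staff
          !hosts        = +staff_senders
          message       = This address only accepts mail from authorised hosts
```

Because the decision is made on the connecting IP address, it does not depend on the envelope sender domain or on forward and reverse DNS agreeing.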