On 2006-02-15 at 11:49 -0000, Edward Kay wrote:
> I want to stop any hosts that I don't explicitly allow from accessing my
> SMTP server.
Move the problem out of the Exim configuration logic to keep things
simple. If there is no legitimate reason for any server to directly
contact your host (and you've put in MX records for your _host_ which
point to the real servers, too, to ensure this) then simply don't accept
a connection from unauthorised hosts.
Either
(1) Rebuild Exim against libwrap from the TCP Wrappers project. Search
for USE_TCP_WRAPPERS in the default src/EDITME / Local/Makefile
config.
Or
(2) Use packet-filtering rules, which you're likely to have a config
panel for already (I don't know CPanel, sorry).
Or use both.
I recommend using the packet filter to make the port appear closed.
That way potentially malicious packets won't even reach the server code.
--
I am keeping international relations on a peaceable footing.
You are biding your time before acting.
He is coddling tyrants.
-- Roger BW on topic of verb conjugation
