Re: [exim] Blocking external emails.

Author: Magnus Holmgren
Date:  
To: exim-users
Subject: Re: [exim] Blocking external emails.
On Tuesday 16 May 2006 at 12:33, John Clement wrote:
> What's wrong with this picture... The current config reads:


What's wrong is that you should use ACLs to restrict access, and host IP
addresses or user authentication rather than trivially spoofable addresses in
the mail header, if that's what you mean by "the ReadingRoom network". Of
course, your security requirements might not be that strong.

Example:

deny local_parts = all : london : manchester : sydney
     domains = readingroom.com
     !hosts = <addresses of hosts allowed to send>


> if ($header_to:,$header_cc:,$header_bcc) matches
> "all@readingroom\.com|london@readingroom\.com|manchester@readingroom\.com|sydney@readingroom\.com" and not
>    $header_from matches "\@r(eading)?room\.(co\.uk|com|net)"
> then
>   fail "You must be within the ReadingRoom network to send email to our mailing lists\n"
> Endif


To answer your direct question, you should use the foranyaddress construct
here:

if foranyaddress $h_to:,$h_cc: ( $thisaddress matches ^(all|london|manchester|sydney)@readingroom\.com$ ) ...

but the contents of To:, Cc: etc. don't necessarily have anything to do with
where the message is delivered (except when exim is run locally with the -t
parameter). $local_part and $domain are better variables to check, except
that in system filters these are not necessarily set if the same message is
delivered to more than one destination.

--
Magnus Holmgren
holmgren@???
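
The two checks discussed in this message, modelled in Python as an added illustration (not code from the thread and not Exim's own logic): the quoted filter decides from the To:/Cc:/From: headers, while the suggested ACL decides from the envelope recipient and the connecting host's IP. The network 192.0.2.0/24 is a constructed stand-in for `<addresses of hosts allowed to send>`, and the sample message and function names are constructed for this example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import getaddresses

LIST_LOCAL_PARTS = {"all", "london", "manchester", "sydney"}
LIST_DOMAIN = "readingroom.com"
# Assumption: placeholder range standing in for the hosts allowed to send.
ALLOWED_HOSTS = [ipaddress.ip_network("192.0.2.0/24")]
# Same pattern as the quoted filter's $header_from test.
FROM_RE = re.compile(r"@r(eading)?room\.(co\.uk|com|net)")


def is_list_address(addr):
    """True if addr is one of the restricted list addresses."""
    local, _, domain = addr.lower().rpartition("@")
    return domain == LIST_DOMAIN and local in LIST_LOCAL_PARTS


def header_filter_rejects(raw_message):
    """Model of the quoted filter: only To:/Cc:/From: headers are consulted."""
    msg = message_from_string(raw_message)
    named = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    to_list = any(is_list_address(addr) for _, addr in named)
    return to_list and not FROM_RE.search(msg.get("From", ""))


def rcpt_acl_denies(client_ip, rcpt_to):
    """Model of the deny ACL: envelope recipient plus connecting host IP."""
    ip = ipaddress.ip_address(client_ip)
    allowed = any(ip in net for net in ALLOWED_HOSTS)
    return is_list_address(rcpt_to) and not allowed


# Constructed transaction: an outside host, the list address present only in
# the envelope (RCPT TO), and headers that say nothing true about either.
OUTSIDE_IP = "203.0.113.7"
OUTSIDE_RCPT = "all@readingroom.com"
OUTSIDE_DATA = (
    "From: someone@readingroom.com\n"
    "To: friend@example.org\n"
    "Subject: hello\n\nbody\n"
)

if __name__ == "__main__":
    print("header filter rejects:", header_filter_rejects(OUTSIDE_DATA))
    print("RCPT ACL denies:      ", rcpt_acl_denies(OUTSIDE_IP, OUTSIDE_RCPT))
```

The header-based check accepts the constructed message because neither header reflects the real sender or destination, while the envelope-and-host check denies it.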