On Mon, 24 Jul 2006, Marc Haber wrote:
> I think that the same can be accomplished with the following ACL:
> (1) Accept local SMTP
> (2) Deny restricted characters in recipient addresses
> (3) Accept postmaster
> (4) Verify Sender
> (5) Accept relay_from_hosts
> (6) Accept authenticated
> (7) Deny invalid recipients ("deny !verify=recipient")
> (8) DNS Black Lists
> (9) CSA
> (A) Accept local domains
> (B) Accept relay_to_domains
> (C) Deny relay not permitted.
I was waiting to see if anybody else commented on this thread, but I
don't think anybody has.
This seems to me to be reasonable. The order of tests was changed at
various times. The original 4.00 order was
(1) Accept local SMTP
(2) Deny restricted characters in recipient addresses
(3) Accept postmaster
(4) Verify Sender
(5) Accept local domains if recipient verifies, else bounce
(6) Accept relay_to_domains if recipient verifies, else bounce
(7) Accept relay_from_hosts
(8) Accept authenticated
(9) Deny relay not permitted.
Around 4.40 the commented-out DNSBL checks were included, and in 4.50
their position was moved ... no doubt without really thinking about the
verification issue.
Unless somebody objects (reasonably!), I'll make this change.
--
Philip Hazel University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book