On Thu, 21 Sep 2006, John Robinson wrote:
> Yes, it's possible, and it's not too hard, but with the config change I
> suggested before you wouldn't need to.
> You sound as if you'd rather not change your config at all, but Exim's
> relatively easy to configure, so why not?
Because, I quote:
"Well, you could just
deny domains = those_domains
!hosts = +allowed_hosts
but if I understand correctly, that would also stop accepting mail for
those_domains from any relay_from_hosts or authenticated users, which
may not be the desired effect."
Yes, I need to accept connections from authenticated users.
> Actually, I also wonder, why does it matter whether you accept messages
> directly from all over the 'net for your filtered domains? The facility
> will presumably won't be advertised (i.e. MX records in the DNS), so
> it's unlikely to present any major threat if you just accept from anywhere.
I can tell there's stuff being sent directly to Exim; those messages bear
none of the headers that they'd have if they came through the spam
filters.
I only made the change recently, and I'll bet there's a lot of ratware out
there that still has the old MX record cached. justthe.net is a good
example; the MX records all point to cleanmessage.com now, but there is
still spam coming directly to mx.justthe.net (my Exim box) even though it
is not publically advertised in DNS anymore.
--
Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows
Apple Valley, California PGP:0xE3AE35ED
It's all fun and games until someone starts a bonfire in the living room.