Author: Ian Eiloart Date: To: Mike Meredith, exim-users Subject: Re: [exim] Punishing malformed HELO at acl_smtp_rcpt level?
--On 10 January 2007 13:12:54 +0000 Mike Meredith
<mike.meredith@???> wrote:
> Sometime around Wed, 10 Jan 2007 11:45:13 +0000, it may be that Ian
> Eiloart wrote:
>> > acl_smtp_rcpt = check_recipient_${if eq {$interface_port}{25}
>> > {mta}{msa}}
>>
>> What about people doing message submission on port 25? The fact that
>> you provide port 587 for MSA doesn't mean that people are bound to
>> use it.
>
> I provided an example of how *I* do it, and we do insist that people do
> message submission on 587 (and 465) ... we've long maintained that we
> do not support users submitting directly to tcp/25 because of the
> stringent checking that goes on there.
>
>> We provide MSA on a different set of IP addresses. It certainly keeps
>> our MSA logs clear of spam rejections, cos spammers don't even
>> attempt to connect to our MSA server - even on port 25!
>
> You could still do different ACLs for different interface addresses.
I do. In fact, I have different configuration files completely for these
reasons:
1. Screwing up the MX config simply causes inbound mail to be queued
remotely (except the spam, which magically goes away!). However, I need to
do it quite often because of changing spam requirements.
2. Screwing up the MSA config causes my users pain, but I don't often need
to do it because it doesn't contain any spam filtering (it does filter
viruses, though).