Re: [exim] Mail relaying

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Muhammed afsal
Datum:  
To: exim-users
Betreff: Re: [exim] Mail relaying
Hello Buddies,


I am afraid how can specify hostlist in my configuration file.

Because

My requirement is

The gateway server should relay mails from any domain, any hosts to test.com(
test.com only ).
ie No one can ( Except the users at the domain test.com ) send mails ( with
an ID fake@???) to other domains ( example: mailladdr@??? )
through the gateway server.




The following is acl_smtp_rcpt ACL in exim.conf


check_recipient:

accept hosts = :

deny local_parts = ^.*[@%!/|] : ^\\.

accept local_parts = postmaster
domains = +local_domains


# sender domains blacklist
# reject if sender domain is in blacklist

deny senders = +blacklist_senders
message = blacklisted sender: $sender_address

# sender domains whitelist
# accept if sender domain is in whitelist

accept sender_domains = +whitelist_domains // This for whitelisting
required domains to bypass acl check, "test.com" is included
set acl_m_spam_bypass = 1
endpass
accept hosts = +whitelist_hosts

# sender whitelist
# accept if sender is in whitelist

accept senders = +whitelist_senders //This for whitelisting required s
enders to bypass acl check, "test.com" is included
set acl_m_spam_bypass = 1
endpass

# SPF evaluation
# Reject the mails if the sender domain does not hace spf record

 deny
    message     = [SPF] $sender_host_address is not allowed to send mail \
                  from $sender_address_domain.
    log_message = SPF check failed.
    set acl_m9  = -ipv4=$sender_host_address \
                  -sender=$sender_address \
                  -helo=$sender_helo_name
    set acl_m9  = ${run{/usr/bin/spfquery $acl_m9}}
    condition   = ${if eq {$runrc}{1}{true}{false}}




# RBL Checking
# deny using RBL

deny message = Message rejected because $sender_fullhost is blacklisted at
$dnslist_domain see $dnslist_text :
!hosts = +whitelist_hosts
!authenticated = *
dnslists = dnsbl.njabl.org : bl.spamcop.net : sbl.spamhaus.org :
list.dsbl.org : cbl.abuseat.org : relays.ordb.org :

 accept  domains       = +local_domains
              endpass
              message       = unknown user
              verify        = recipient
              set acl_m0    = $local_part@$domain


  accept  domains       = +relay_domains    // Here I included the domain
test.com only
              endpass
              message       = unrouteable address
              verify        = recipient


  deny    message       = relay not permitted


accept

I think this explanation is sufficient for you ...


Thanks & regards,
Muhammed Afsal K.S


On Jan 8, 2008 1:33 AM, Dave Evans <exim-users-20071221@???> wrote:

> On Tue, Jan 08, 2008 at 01:18:01AM +0400, Muhammed afsal wrote:
> > Spammers configure a fake mail accout "fake@???" in an Outlook
> express"
> > mail as outgoing mail server as test.com. As there is no smtp
> authentication
> > in exim where mail server for test.com running, they can use account "
> > fake@???" to sent spam mails to another mail servers.
>
> In that case, the problem lies in your RCPT ACL. Basically, you need to
> control relaying by testing the connecting host's IP address ("hosts ="),
> not
> their claimed mail-from address ("senders ="). Read
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECTaclconditions
> for more.
>
> If you'd like advice more specific to your situation, please show
> us your RCPT ACL, and tell us what users /should/ be allowed to relay
> through
> your server - i.e. what IP ranges you trust, and whether or not you use
> authentication.
>
> --
> Dave Evans
> http://djce.org.uk/
> http://djce.org.uk/pgpkey
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFHgpqunYOJTU6nkkkRAmWDAJ4ki6eTL0Y/t0hOqr0M8gboRDbTiQCdEPtj
> oa+7wfbZ3krgBzMHASf3FIY=
> =+IEs
> -----END PGP SIGNATURE-----
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>