Re: [exim] Mail relaying

Author: Phil Pennock
Date:
To: Muhammed afsal
CC: exim-users
Subject: Re: [exim] Mail relaying
On 2008-01-08 at 15:51 +0400, Muhammed afsal wrote:
> The gateway server should relay mails from any domain, any hosts to test.com(
> test.com only ).
> ie No one can ( Except the users at the domain test.com ) send mails ( with
> an ID fake@???) to other domains ( example: mailladdr@??? )
> through the gateway server.


(test.com is a registered domain belonging to an existing company;
example.com is one of the domains explicitly reserved to be safe to use
in examples).

This is the sort of setup which the stock configuration supplied with
Exim does really well. You'd put example.com into the local_domains
domainlist and the internal IP address block of the allowed senders into
the relay_from_hosts hostlist.

> # sender domains whitelist
> # accept if sender domain is in whitelist
>
> accept sender_domains = +whitelist_domains // This for whitelisting
> required domains to bypass acl check, "test.com" is included
> set acl_m_spam_bypass = 1
> endpass
> accept hosts = +whitelist_hosts


Those are two separate stanzas, because there are two separate verbs
("accept", twice) despite being written as one block. Did you mean:

  accept sender_domains = +whitelist_domains
         hosts = +whitelist_hosts
     set acl_m_spam_bypass = 1
     endpass


?

I really hope that you meant what I wrote.

> # sender whitelist
> # accept if sender is in whitelist
>
> accept senders = +whitelist_senders //This for whitelisting required
> senders to bypass acl check, "test.com" is included
> set acl_m_spam_bypass = 1
> endpass


This one is also a problem. You're letting anyone who claims to be one
of your whitelisted senders relay mail through you. Consider, at a very
minimum, adding: authenticated = *

The configure.default provided with Exim is sane and safe; that should
be your reference point. Every time you make a change to ACLs from
those in the default, you should understand what and why. ACLs are very
powerful, but that power comes at a cost: it's possible to get it wrong
with bad consequences.

-Phil
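
The relay policy described in the reply above, sketched as an added example; it is not part of the original message and is not the Exim project's configure.default. The address block 192.0.2.0/24 and the contents of whitelist_senders are constructed placeholders, and routers and transports are not shown.

```exim
# Added illustration, main section: named lists used by the RCPT ACL.
# example.com stands for the domain the gateway accepts mail for.
domainlist  local_domains     = example.com
# Constructed placeholder for the internal block of allowed senders.
hostlist    relay_from_hosts  = 192.0.2.0/24
# Constructed placeholder for the sender whitelist.
addresslist whitelist_senders = *@example.com

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Internal hosts may send to any domain. This is keyed on the
  # connecting IP address, which the client cannot choose freely.
  accept  hosts         = +relay_from_hosts

  # The envelope sender is whatever the client types after MAIL FROM,
  # so it is only trusted here together with SMTP authentication.
  # One verb, so all conditions must hold before the variable is set.
  accept  authenticated = *
          senders       = +whitelist_senders
          set acl_m_spam_bypass = 1

  # Any other authenticated client may relay, without the bypass flag.
  accept  authenticated = *

  # Everyone else may only send to the gateway's own domain.
  require message       = relay not permitted
          domains       = +local_domains

  # Reject recipients that cannot be routed, then accept.
  require verify        = recipient
  accept
```

A stanza that accepts on `senders` alone, placed anywhere above the `require domains` line, would bypass the relay restriction for anyone who forges a whitelisted address.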