That section currently contains a load of stuff for mailman and some ACL
"plugins" for rate limiting, whitelisting, spam filtering etc.
Here it is...................
#!!# ACL that is used after the RCPT command
# NOTE(review): this listing was re-wrapped by the mail archive. Several
# expansions below are split across lines without a trailing backslash
# (for example after "{exists") and must be rejoined before Exim will
# parse them.
#
# Statements run top to bottom for each recipient. The first accept or deny
# whose conditions all match ends the ACL, so every accept in this section
# skips all of the checks that come after it.
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
# (This describes "accept hosts = :" below. The placeholder in between is a
# template directive, presumably filled in when the config is built; its
# content is not visible here.)
[% ACL_RATELIMIT_BLOCK %]
accept hosts = :
# Hosts in skipsmtpcheck_hosts are accepted before any sender or recipient
# verification further down is reached.
# NOTE(review): membership of that list is an unconditional bypass of every
# later check; confirm who can add entries and keep it minimal.
accept hosts = +skipsmtpcheck_hosts
# Accept bounces to lists even if callbacks or other checks would fail.
# Matches local parts of the form <list>-bounces+<anything> and tests whether
# .../mailman/lists/<list, lower-cased>/config.pck exists. The warn adds the
# X-WhitelistedRCPT-nohdrfromcallback header; the accept that follows repeats
# the same condition and accepts the recipient.
# NOTE(review): $1 is captured from the remote-supplied local part and is
# placed in a filesystem path. Nothing visible in this paste rejects local
# parts containing "/" or ".." first; confirm that is enforced elsewhere.
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}
# Accept bounces to lists even if callbacks or other checks would fail.
# Same test as above, but for list directories named <list>_<domain>
# (both lower-cased). $domain is remote-supplied as well, so the path
# caveat above applies here too.
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}}
\
{yes}{no}}
accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}}
\
{yes}{no}}
# If it gets here it isn't mailman.
# deny must be on the same line as hosts so it will get removed by
# buildeximconf if turned off.
# Reject the recipient unless the envelope sender verifies, including an SMTP
# callout with a 60 second timeout. Hosts in senderverifybypass_hosts are
# exempt from this check.
deny hosts = ! +senderverifybypass_hosts
! verify = sender/callout=60s
# Any client that has authenticated is accepted, from any host. This is the
# relay permission for authenticated users. It sits ahead of the template
# blocks and "require verify = recipient" below, so none of those are
# applied to authenticated sessions.
# NOTE(review): whether AUTH is offered only over TLS, and which
# authenticators exist, is configured outside this ACL; confirm there.
accept hosts = *
authenticated = *
# If they POPed before SMTP we just accept: the client address must be
# listed in /etc/relayhosts (iplsearch) or be 127.0.0.1.
# NOTE(review): this authorises relaying by source address alone. Anything
# that sends from a listed address or from loopback relays without
# credentials. How entries are added to and expired from /etc/relayhosts
# is not visible here.
# When /etc/eximpopbeforesmtpwarning exists, the output of the embedded Perl
# sub popbeforesmtpwarn (called with the client address) is added as a header.
# NOTE(review): as pasted, the add_header expansions in this section are one
# closing brace short before the empty "{}" branch; check the live config.
accept condition = ${if
match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if
eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
add_header = ${if
exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}{}}
# Hosts in relay_hosts may relay; same optional warning header as above.
accept hosts = +relay_hosts
add_header = ${if
exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}{}}
# Template placeholders; judging by their names they carry the whitelist,
# RBL, trusted-list and pre-recipient-verification ACL fragments. Their
# expanded content is not visible here. Because they follow the accepts
# above, they only see recipients that have not already been accepted.
[% ACL_WHITELIST_BLOCK %]
[% ACL_RBL_BLOCK %]
[% ACL_TRUSTEDLIST_BLOCK %]
[% ACL_PRE_RECP_VERIFY_BLOCK %]
# Recipient verification is required for all messages that are not sent to
# the local machine.
# This was done at multiple users' requests.
# The recipient address must verify; if it does not, this RCPT is refused
# and the ACL ends here. Recipients already accepted by an earlier accept
# statement never reach this check.
require verify = recipient
# The only problem with this setup is that if the message is for multiple
# users on the same server and they are on different unix accounts, the
# settings for the first recipient which has spamassassin enabled will be
# used.
# This shouldn't be a problem 99.9% of the time; however, it's a very small
# price to pay for a massive speed increase.
# Decide whether SpamAssassin scanning applies, for recipients in
# local_domains other than the primary hostname.
# The condition is true only when all of the following hold:
#   - $message_size is at most the templated ACL_MAX_SPAM_SCAN_SIZE (in K),
#   - acl_m0 is not already 1 (an earlier recipient has not set it),
#   - /etc/global_spamassassin_enable exists, or .spamassassinenable exists
#     in the directory taken from field 5 of the /etc/passwd entry of the
#     user that /etc/userdomains maps the domain to (presumably the home
#     directory).
# When it matches, acl_m0 is set to 1 and acl_m1 to the user owning the
# domain.
# NOTE(review): "set acl_m1 =" and its value are on separate lines in this
# paste with no trailing backslash; rejoin before use.
warn domains = ! ${primary_hostname} : +local_domains
condition = ${if <= {$message_size}{[% ACL_MAX_SPAM_SCAN_SIZE
%]K}{${if eq {${acl_m0}}{1}{0}{${if
exists{/etc/global_spamassassin_enable}{1}{${if
exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
set acl_m0 = 1
set acl_m1 =
${lookup{$domain}lsearch*{/etc/userdomains}{$value}}
# Same decision for recipients at the primary hostname, where the local part
# is looked up in /etc/passwd directly.
# NOTE(review): acl_m1 is set to the raw, remote-supplied $local_part here.
# How acl_m1 is consumed later is not visible; treat it as untrusted input
# wherever it is used.
warn domains = ${primary_hostname}
condition = ${if <= {$message_size}{[% ACL_MAX_SPAM_SCAN_SIZE
%]K}{${if eq {${acl_m0}}{1}{0}{${if
exists{/etc/global_spamassassin_enable}{1}{${if
exists{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
set acl_m0 = 1
set acl_m1 = $local_part
# Recipients in domains this server relays for are accepted.
accept domains = +relay_domains
# Everything that reaches this point is refused as an unauthorised relay
# attempt, with the text below as the SMTP error message.
# NOTE(review): no accept for +local_domains is visible in this paste. Unless
# one of the template blocks supplies it, mail for local domains from hosts
# that are neither authenticated nor relay-listed also ends at this deny;
# confirm against the built configuration.
deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication
turned on in your email client.