Re: [exim] Drop all traffic unless authenticated users OR sp…

Author: Bleurgh
Date:  
To: exim-users
Subject: Re: [exim] Drop all traffic unless authenticated users OR specific IP ?

That section currently contains a load of stuff for mailman and some ACL
"plugins" for rate limiting, whitelisting, spam filtering etc.

Here it is...................

#!!# ACL that is used after the RCPT command
check_recipient:

# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.

[% ACL_RATELIMIT_BLOCK %]

accept hosts = :

accept hosts = +skipsmtpcheck_hosts


  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}



  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}


  #if it gets here it isn't mailman
# deny must be on the same line as hosts so it will get removed by buildeximconf if turned off
    deny hosts = ! +senderverifybypass_hosts
       ! verify = sender/callout=60s



  accept  hosts = *
          authenticated = *


  #if they poped before smtp we just accept
  accept  condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/relayhosts}{1}{${if eq{$sender_host_address}{127.0.0.1}{1}{0}}}}
          add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}}{}}


  accept  hosts = +relay_hosts
          add_header = ${if exists{/etc/eximpopbeforesmtpwarning}{${perl{popbeforesmtpwarn}{$sender_host_address}}}{}}




[% ACL_WHITELIST_BLOCK %]

[% ACL_RBL_BLOCK %]

[% ACL_TRUSTEDLIST_BLOCK %]

[% ACL_PRE_RECP_VERIFY_BLOCK %]

#recipient verifications are required for all messages that are not sent to the local machine
                        #this was done at multiple users requests
                        require verify = recipient 



  # The only problem with this setup is that if the message is for multiple users on the same server
  # and they are on different unix accounts, the settings for the first recipient which has spamassassin enabled will be used.
  # This shouldn't be a problem 99.9% of the time, however its a very small price to pay for a massive speed increase.
  warn  domains = ! ${primary_hostname} : +local_domains
         condition = ${if <= {$message_size}{[% ACL_MAX_SPAM_SCAN_SIZE %]K}{${if eq {${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
         set acl_m0    = 1
         set acl_m1    = ${lookup{$domain}lsearch*{/etc/userdomains}{$value}}


  warn  domains = ${primary_hostname}
          condition = ${if <= {$message_size}{[% ACL_MAX_SPAM_SCAN_SIZE %]K}{${if eq {${acl_m0}}{1}{0}{${if exists{/etc/global_spamassassin_enable}{1}{${if exists{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/.spamassassinenable}{1}{0}}}}}}}{0}}
          set acl_m0    = 1
          set acl_m1    = $local_part


accept domains = +relay_domains

  deny    message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.




--
View this message in context: http://www.nabble.com/Drop-all-traffic-unless-authenticated-users-OR-specific-IP---tp15086940p15090256.html
Sent from the Exim Users mailing list archive at Nabble.com.