Re: [exim] Restricting senders by domains?

Author: Frank DeChellis
Date:  
To: Lena, exim-users
Subject: Re: [exim] Restricting senders by domains?



On 12/27/08 9:08 AM, "Lena@???" <Lena@???> wrote:

>> From: Frank DeChellis
>
>> I have my SMTP restrict to hosts listed in relay_from_hosts, that works
>> simply enough.
>>
>> When I try to restrict senders by domain
>
> What do you mean under "restrict senders by domain"? Please elaborate.
>


What I meant was even if somebody was using a permitted IP address their
mail must still have a domain listed in local_domains. So an infected user
could not unknowingly send out mail through our SMTP because the from: field
has an invalid domain.



>> Then later I added the 2 lines that are bold:
>
> This mailing list is plaintext only, bold isn't shown.
>
>> acl_check_rcpt:
>>
>>   accept  hosts = :
>>   deny    local_parts   = ^.*[@%!/|]
>>   accept  local_parts   = postmaster
>>           domains       = +local_domains
>>   accept domains = /usr/pkg/etc/exim/never_filter_domains

>
> The "accept domains" is a bad idea. Don't do that.
> It means that if a spammer writes one of these domains in MAIL FROM
> (spammers almost always lie there) then your server sends out that spam
> to as many recipients as the spammer specified. Instead:
>
>   require verify        = sender
>   accept  hosts         = +relay_from_hosts
>           control       = submission/domain=
>   accept  authenticated = *
>           control       = submission/domain=
> (checking RBLs here)

>
> If you want to forbid your authenticated users to send messages
> with any sender email address and allow only some domains in
> sender email address then insert one line after "accept authenticated":
>
>   accept  authenticated = *
>           domains       = +sender_domains
>           control       = submission/domain=



Frank DeChellis
President, Internet Access Worldwide
Welland, Ontario, Canada
www.iaw.com
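
An added example, not part of the original message and not written by either poster: a RCPT ACL fragment for the restriction described above, where a host in relay_from_hosts may relay only when the envelope sender's domain is in local_domains. It assumes the named lists local_domains and relay_from_hosts from the thread are already defined, and it checks the envelope sender (MAIL FROM) only, not the From: header; the rejection texts are made up for the example.

```exim
# Added example: fragment for the ACL named by acl_smtp_rcpt.
# Assumes domainlist local_domains and hostlist relay_from_hosts exist.

acl_check_rcpt:

  # Mail submitted locally, not over TCP/IP (same rule as in the thread).
  accept  hosts           = :

  # A relay host must use an envelope sender in one of our domains.
  # sender_domains tests the domain of the MAIL FROM address;
  # plain "domains" tests the domain of the RCPT TO address.
  # "!senders = :" exempts the empty sender so that bounces
  # generated by internal hosts are not rejected by this rule.
  deny    message         = Sender domain not permitted for relaying
          hosts           = +relay_from_hosts
          !senders        = :
          !sender_domains = +local_domains

  # Relay hosts that passed the check above may send anywhere.
  accept  hosts           = +relay_from_hosts

  # Any other host may only deliver to our own domains.
  accept  domains         = +local_domains

  deny    message         = Relay not permitted
```

Because the first matching accept or deny ends ACL processing, the deny has to come before the accept for relay_from_hosts.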