On 12/27/08 9:08 AM, "Lena@???" <Lena@???> wrote:
>> From: Frank DeChellis
>
>> I have my SMTP restrict to hosts listed in relay_from_hosts, that works
>> simply enough.
>>
>> When I try to restrict senders by domain
>
> What do you mean under "restrict senders by domain"? Please elaborate.
>
What I meant was even if somebody was using a permitted IP address, their
mail must still have a domain listed in local_domains. So an infected user
could not unknowingly send out mail through our SMTP because the from: field
has an invalid domain.

>> Then later I added the 2 lines that are bold:
>
> This mailing list is plaintext only, bold isn't shown.
>
>> acl_check_rcpt:
>>
>>   accept  hosts = :
>>   deny    local_parts = ^.*[@%!/|]
>>   accept  local_parts = postmaster
>>           domains = +local_domains
>>   accept  domains = /usr/pkg/etc/exim/never_filter_domains
>
> The "accept domains" is a bad idea. Don't do that.
> It means that if a spammer writes one of these domains in MAIL FROM
> (spammers almost always lie there) then your server sends out that spam
> to as many recipients as the spammer specified. Instead:
>
>   require verify = sender
>   accept  hosts = +relay_from_hosts
>           control = submission/domain=
>   accept  authenticated = *
>           control = submission/domain=
>   (checking RBLs here)
>
> If you want to forbid your authenticated users to send messages
> with any sender email address and allow only some domains in
> sender email address then insert one line after "accept authenticated":
>
>   accept  authenticated = *
>           domains = +sender_domains
>           control = submission/domain=

Frank DeChellis
President, Internet Access Worldwide
Welland, Ontario, Canada
www.iaw.com
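
Added example, not part of the original thread and not either poster's configuration: one way to write the RCPT ACL so that mail from a permitted relay host is still refused unless its envelope sender (MAIL FROM, not the From: header) is in local_domains. The list contents and message texts are constructed; the final two statements are assumptions added only to close the ACL.

```exim
# Main section (before "begin acl"). List contents are constructed samples.
domainlist local_domains    = example.org : example.net
hostlist   relay_from_hosts = 127.0.0.1 : 192.0.2.0/24

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Local SMTP that did not arrive over TCP/IP (empty sending host).
  accept  hosts          = :

  deny    local_parts    = ^.*[@%!/|]

  # Relay hosts may only use an envelope sender in our own domains.
  # sender_domains tests MAIL FROM; "domains" tests the RCPT TO domain.
  # An empty sender (a bounce) has no domain, so it is refused here too.
  deny    message        = sender domain not permitted from this host
          hosts          = +relay_from_hosts
          !sender_domains = +local_domains

  require verify         = sender

  accept  hosts          = +relay_from_hosts
          control        = submission/domain=

  # Authenticated users get the same sender-domain restriction.
  accept  authenticated  = *
          sender_domains = +local_domains
          control        = submission/domain=

  # Assumed closing statements: take mail for our own domains,
  # refuse to relay anything else.
  accept  domains        = +local_domains

  deny    message        = relay not permitted
```

The sender-domain check only constrains what a compromised client can put in MAIL FROM; a client that forges an address inside local_domains still passes, so outbound rate limits and content scanning remain necessary.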