Grant Peel wrote:
> Hi all,
>
> I have a number of domains that the MX is set to an outside spamfiltering server. These domains are still getting spam that is being sent directly to our servers, thus bypassing the spamfiltering.
>
> Now in order for us to accept email from the spamfiltering service, I need to accept mail for that domain.
>
> Is there a way to tell the mailserver to only accept mail for those domains that comes from specific hosts?
>
I wrote an example for our service/customers here
https://www.onlymyemail.com/support/helpful_hints/corporate/sample_exim_configuration.txt
It's pretty basic, might not fit what you're trying to do. If you're
dealing with a mix of filtered and not filtered domains on the same
server I'd recommend setting up a domain list with the domains that are
filtered, and then doing the ACL check at RCPT time comparing the
sending host to the host list of your filtering service.

Here's what I use on the server that hosts my vanity domain and a couple
others.

# This access control list is used for every RCPT command in an
# incoming SMTP message. The tests are run in order until the
# recipient address is either accepted or denied.

acl_rcpt_to:

  # Accept mail received from local sources
  accept  hosts         = : +relay_from_hosts

  # Accept if the message arrived over an authenticated connection,
  # from any host. These messages are usually from MUAs, so
  # recipient verification is omitted.
  accept  authenticated = *

  # Temporarily reject mail for accounts that are deactivated
  defer   message       = Account disabled, please try again later.
          domains       = +local_domains
          condition     = ${lookup mysql{MYSQL_DISABLED_ACCOUNT_QUERY}}

  # If the domain has external filtering accept mail from them
  accept  domains       = +filtered_domains
          hosts         = +filtering_hosts
          verify        = recipient

  # Don't accept mail for filtered domains not from their
  # respective filter service
  deny    message       = Please use the public MX server for the domain $domain
          domains       = +filtered_domains
          hosts         = !+filtering_hosts

  # Deny local parts with restricted characters
  deny    message       = Restricted characters in address
          domains       = +local_domains:+relay_to_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = Restricted characters in address
          domains       = !+local_domains:!+relay_to_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # Accept mail for local domains, deny unknown users
  accept  domains       = +local_domains
          verify        = recipient

  deny    message       = User unknown: $local_part@$domain
          domains       = +local_domains
          !verify       = recipient
          delay         = 60s

  # Accept mail for domains we relay for, deny if verification fails
  accept  domains       = +relay_to_domains
          verify        = recipient/callout=30s,defer_ok,use_sender

  deny    message       = $acl_verify_message
          domains       = +relay_to_domains
          delay         = 60s

  # Deny everything else
  defer   message       = Relay prohibited, SMTP authentication required

Hope that helps
-Bryan Rawlins
OnlyMyEmail Inc.
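
To see which hosts deliver to filtered domains without going through the filtering service, the Exim mainlog can be audited. The script below is an added example, not part of the post above or of Exim: it pairs `<=` and `=>` lines by message id and reports such deliveries. The network, domain names and log lines are constructed placeholders standing in for the contents of +filtering_hosts and +filtered_domains.

```python
import ipaddress
import re

# Assumed stand-ins for the contents of +filtering_hosts and +filtered_domains.
FILTERING_HOSTS = [ipaddress.ip_network("192.0.2.0/28")]
FILTERED_DOMAINS = {"filtered.example"}
# Constructed mainlog lines in Exim's default log format.
SAMPLE_LOG = """\
2024-05-01 10:00:01 1s1AbC-0001Xy-2Z <= a@sender.example H=f1.filter.example [192.0.2.5] P=esmtps S=2048
2024-05-01 10:00:02 1s1AbC-0001Xy-2Z => alice <alice@filtered.example> R=localuser T=local_delivery
2024-05-01 10:05:10 1s1AbD-0001Yz-3A <= x@bulk.example H=(mail) [203.0.113.77] P=smtp S=5120
2024-05-01 10:05:11 1s1AbD-0001Yz-3A => bob <bob@filtered.example> R=localuser T=local_delivery
2024-05-01 10:07:00 1s1AbF-0001Zb-5C <= bob@filtered.example U=bob P=local S=400
2024-05-01 10:07:01 1s1AbF-0001Zb-5C => alice <alice@filtered.example> R=localuser T=local_delivery
"""

LINE = re.compile(r"^\S+ \S+ (\S+) (<=|=>|->) (.*)$")
HOST_IP = re.compile(r" H=.*?\[([0-9A-Fa-f.:]+)\]")
RCPT = re.compile(r"^(?:\S+ <([^>]+)>|(\S+))")


def direct_deliveries(log_text):
    """Return (msgid, ip, recipient) for mail to filtered domains that skipped the filter."""
    source = {}  # message id -> IP of the host that handed us the message
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msgid, flag, rest = m.groups()
        if flag == "<=":
            ip = HOST_IP.search(rest)
            # No H= means local submission, A= means authenticated; the ACL accepts both.
            if ip and " A=" not in rest:
                source[msgid] = ipaddress.ip_address(ip.group(1))
            continue
        rm, addr = RCPT.match(rest), source.get(msgid)
        if not rm or addr is None:
            continue
        rcpt = rm.group(1) or rm.group(2)
        filtered = rcpt.rpartition("@")[2].lower() in FILTERED_DOMAINS
        if filtered and not any(addr in net for net in FILTERING_HOSTS):
            hits.append((msgid, str(addr), rcpt))
    return hits


if __name__ == "__main__":
    for hit in direct_deliveries(SAMPLE_LOG):
        print(*hit)
```

On the constructed sample only the message from 203.0.113.77 is reported; the one relayed by the filter and the locally submitted one are not.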