Re: [exim] Help with a custom ACL

Author: Dan_Mitton
Date:  
To: Mike Sprague
CC: exim-users
Subject: Re: [exim] Help with a custom ACL
Depends on how granular you need to be. Mike's solution might allow
something like:

domain1 is filtered by filter1
domain2 is filtered by filter2

someone sends mail to filter2, directed at the domain1 domain.

If you need to be more granular, maybe something like:

hosts=${lookup {$domain} lsearch{a-domain-host-file}{$value}}

and have a-domain-host-file contain:

domain1 filter1-host1:filter1-host2:...
domain2 filter2-host1:filter2-host2:...

Of course, this could be a database lookup, etc.

Dan



Sent by:        exim-users-bounces@???
To:     exim-users@???
cc:      (bcc: Dan Mitton/YD/RWDOE)
Subject:        Re: [exim] Help with a custom ACL


Server Craft wrote:
> Hi,
>
> I was directed here by cPanel support after searching pretty much everywhere
> for a solution to this problem. I am looking for help with a custom ACL for
> restricting incoming mail traffic to specific domains to only come from
> specific IP ranges.
>
> Background:
> I run a small web hosting service based on cPanel VPS servers. Some of my
> clients use hosted spam filtering services such as MXLogic or Postini. To
> make mails to those domains only come from their filtering servers, I am
> asked to specify IP ranges of the Postini and MXLogic filtering servers in
> my email server or VPS firewall so that spammers cannot contact the
> mailservers of the domains hosted on my VPS directly and thus bypass the
> filtering service.
>
> But, the problem with filtering through my firewall is two-fold:
>
> 1. If I restrict mail traffic on Port 25 to come only from certain IP
> ranges, it applies to ALL email coming into the server. Thus it would lock
> down inbound email independent of domain. Not all the clients on my VPS opt
> for such filtering, so this method is unviable.
>
> 2. My VPS servers only have a software firewall (CSF) and it does not
> accept host names, only IP addresses.
>
> So, it seems the solution is through a custom ACL for those domains using
> hosted spam filtering services. Is there an individual or company that can
> provide consulting on this requirement?


What about something like:

deny
  message     = only accept messages from certain servers
  domains     = LIST of DOMAINS or a database or a file
  hosts       = ! LIST of IPs or a database or a file


Basically, you have a list of domains that use each 3rd party filtering
service. You have a corresponding list of the IPs used by that 3rd
party filtering service. Deny if the recipient is on a 3rd party
service but the incoming IP is not in the IP list for that 3rd party
service.

The list could be in a flat file or a database or if it's short enough,
you could just put it in the exim config. How you store the list would
determine how you query it in the ACL.

BTW, you would put these ACLs in the acl_smtp_rcpt section.

thanks,
mikeS

--
Michael F. Sprague
mfs@???

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
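
The difference between one shared host list and the per-domain lookup discussed in this message, modeled in Python as an added example (it is not code from the thread and not Exim configuration). It parses a file in the `a-domain-host-file` layout and can be used to sanity-check such a file before it goes live. Assumptions: entries are IPv4 addresses or CIDR ranges rather than host names, the sample addresses are constructed documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout of a-domain-host-file: recipient domain,
# whitespace, colon-separated hosts. Addresses are RFC 5737 documentation
# ranges standing in for the filtering services' relays (assumption).
SAMPLE_MAP = """\
# domain   hosts allowed to deliver for it
domain1  192.0.2.0/28:192.0.2.64
domain2  198.51.100.0/24
"""

def parse_host_map(text):
    """Return {domain: [ip_network, ...]}; raise ValueError on a bad line."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: domain without a host list")
        domain = parts[0].rstrip(":").lower()  # lsearch keys may end in ':'
        try:
            nets = [ipaddress.ip_network(h.strip(), strict=False)
                    for h in parts[1].split(":") if h.strip()]
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        table[domain] = nets
    return table

def per_domain_verdict(table, rcpt_domain, sender_ip):
    """Per-domain lookup: only the hosts listed for this domain may deliver."""
    nets = table.get(rcpt_domain.lower())
    if nets is None:
        return "pass"  # domain is not behind a filtering service; rule does not apply
    ip = ipaddress.ip_address(sender_ip)
    return "pass" if any(ip in n for n in nets) else "deny"

def pooled_verdict(table, rcpt_domain, sender_ip):
    """One shared host list: any service's relay may reach any filtered domain."""
    if rcpt_domain.lower() not in table:
        return "pass"
    ip = ipaddress.ip_address(sender_ip)
    pool = [n for nets in table.values() for n in nets]
    return "pass" if any(ip in n for n in pool) else "deny"
```

Here "pass" means only that this rule does not deny the recipient; the rest of the RCPT ACL still decides whether the message is accepted.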