Re: [exim] Protecting my Aliases from attacks

Top Page
Delete this message
Reply to this message
Author: Dave Evans
Date:  
To: exim-users
Subject: Re: [exim] Protecting my Aliases from attacks
On Fri, Aug 07, 2009 at 11:37:26AM -0500, Exim wrote:
> I have a situation where I have a group of aliases that I only want
> accessable to my local users. BUT I still have my standard aliases
> (ap@???, etc) that I want to continue using.
>
> I know I can create multiple alias files, but what I need is a way in the
> configure file to say "Only let THESE hosts (or these email addreses) send
> emails to addresses referenced in this alias list".


So do you want

- one set of aliases which are valid from anywhere
- another set which are valid only from within the company

i.e. all of the "restricted" aliases have the same conditional logic?

If so then (making some guesses about what your config file looks like) just
duplicate the router that currently handles your aliases file, and in the copy
give the router a new name, change which aliases file it looks at (don't
forget to create that aliases file), and add a condition which only matches if
the message came from within the company. Then move whatever aliases need to
be restricted into that other aliases file.

For example, the condition could be something using ${if match_ip ...} and
$sender_host_address. Or $auth*, if you use SMTP AUTH.

Make sure your RCPT acl uses "require verify = recipient", of course.

Regards,

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey