On 2009-10-23 at 22:28 +0000, d.hill@??? wrote:
> On a test server I have set up, I'm attempting to reject senders where
> the sender domain has an MX record pointing to an internal (or
> reserved) IP address. Reading the Exim documentation, this is what
> I've come up with:
>
[ snip complicated ACL rules ]
>
> /usr/local/etc/exim/reserved_ip_space has a list of IP address ranges
> in CIDR format of all the internal (or reserved) IP space.
>
> It is working as expected. I am just curious if there is an alternate
> or reduced way of performing the same results.

Yes. You don't route messages to those addresses. Then the "verify =
sender" in your ACL (somewhere) will fail and the message will be
rejected. The sender verify by default stops as soon as it has a method
of delivery which goes off-host, so you need a DNS lookup which lets the
dnslookup be used.

If you do not use a smarthost, then something like:

  dnslookup:
    driver = dnslookup
    domains = ! +local_domains
    transport = remote_smtp
    ignore_target_hosts = +bad_host_addresses

where +bad_host_addresses is a hostlist; you might define it in the main
config as:

  hostlist bad_host_addresses = /usr/local/etc/exim/reserved_ip_space

If you do use a smarthost, then you probably want to use "no_verify" on
the smarthost and then have a dnslookup Router, like the one above, but
with "verify_only" set on it.

Regards,
-Phil
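
The smarthost variant described in the reply above, written out as an added example; it is not part of the original message. The router names, the smarthost name smarthost.example.net, the ACL name acl_check_rcpt and the local_domains definition are assumptions made for illustration.

```exim
# --- main configuration section ---
# Assumed definition of the local domains; adjust to the site.
domainlist local_domains = @

# File of reserved/internal ranges in CIDR format, as in the original post.
hostlist bad_host_addresses = /usr/local/etc/exim/reserved_ip_space

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:
  # Sender verification runs the sender address through the routers below.
  # If no router accepts the sender's domain, the RCPT is refused.
  require verify = sender
  # (the site's relay and recipient checks go here)
  accept

# --- routers section ---
begin routers

# Used only while verifying addresses, never for real delivery.
# MX/A targets inside +bad_host_addresses are ignored, so a domain
# whose mail hosts all sit in reserved space cannot be routed here.
verify_dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = +bad_host_addresses
  verify_only

# Real delivery of remote mail goes through the smarthost.
# no_verify keeps this router out of address verification; without it,
# every remote sender would "verify" simply because the smarthost exists.
smarthost:
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp
  route_list = * smarthost.example.net
  no_verify

# (routers for +local_domains follow)
```

Running `exim -bvs` with a sender address in a domain whose MX points into the reserved ranges shows whether verification fails as intended before the change goes onto a production host.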