Re: [exim] Rejecting MX Internal IP Addresses

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Phil Pennock
日付:  
To: d.hill
CC: exim-users
題目: Re: [exim] Rejecting MX Internal IP Addresses
On 2009-10-23 at 22:28 +0000, d.hill@??? wrote:
> On a test server I have set up, I'm attempting to reject senders where
> the sender domain has an MX record pointing to an internal (or
> reserved) IP address. Reading the Exim documentation, this is what
> I've come up with:
>

[ snip complicated ACL rules ]
>
> /usr/local/etc/exim/reserved_ip_space has a list of IP address ranges
> in CIDR format of all the internal (or reserved) IP space.
>
> It is working as expected. I am just curious if there is an alternate
> or reduced way of performing the same results.


Yes. You don't route messages to those addresses. Then the "verify =
sender" in your ACL (somewhere), will fail and the message will be
rejected. The sender verify by default stops as soon as it has a method
of delivery which goes off-host, so you need a DNS lookup which lets the
dnslookup be used.

If you do not use a smarthost, then something like:

dnslookup:
  driver        = dnslookup
  domains       = ! +local_domains
  transport     = remote_smtp
  ignore_target_hosts = +bad_host_addresses


where +bad_host_addresses is a hostlist; you might define it in the main
config as:
hostlist bad_host_addresses = /usr/local/etc/exim/reserved_ip_space

If you do use a smarthost, then you probably want to use "no_verify" on
the smarthost and then have a dnslookup Router, like the one above, but
with "verify_only" set on it.

Regards,
-Phil