On 2009-11-18 at 22:07 -0500, Joe Doehler wrote:
> I have been using Exim for 10+ years as a hobbyist, but I have never
> touched the ACL until this week: I have been doing all my filtering in
> "local_scan()". My first try at using the ACL does not work. Because all
> the outgoing mail from my domain originates from a local network, I am
> trying to deny mail with the following properties:
> - Source from public IP addresses
> - And return address that uses my domain name, that I consider spoofed.
>
> In the "acl_check_rcpt" section, I write:
> deny message = Some message
> domains = +local_domains
> hosts = !+relay_from_hosts
>
> What results from this is that all mail from public IP addresses is
> denied - not the intent. I am missing something elementary, but I do not
> know what it is. Help would be appreciated.
"domains" tests the _recipient_ domain. You want to test the _sender_
domain.
Try:
deny message = Some message
condition = ${match_domain{$sender_address_domain}{+local_domains}}
hosts = !+relay_from_hosts
As a safety measure, it might be worth listing @[] in the definition of
relay_from_hosts.
Regards,
-Phil