Re: [exim] ACL Question

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Phil Pennock
日付:  
To: Joe Doehler
CC: exim-users
題目: Re: [exim] ACL Question
On 2009-11-18 at 22:07 -0500, Joe Doehler wrote:
> I have been using Exim for 10+ years as a hobbyist, but I have never
> touched the ACL until this week: I have been doing all my filtering in
> "local_scan()". My first try at using the ACL does not work. Because all
> the outgoing mail from my domain originates from a local network, I am
> trying to deny mail with the following properties:
> - Source from public IP addresses
> - And return address that uses my domain name, that I consider spoofed.
>
> In the "acl_check_rcpt" section, I write:
> deny    message = Some message
>         domains = +local_domains
>         hosts   = !+relay_from_hosts

>
> What results from this is that all mail from public IP addresses is
> denied - not the intent. I am missing something elementary, but I do not
> know what it is. Help would be appreciated.


"domains" tests the _recipient_ domain. You want to test the _sender_
domain.

Try:

deny    message   = Some message
        condition = ${match_domain{$sender_address_domain}{+local_domains}}
        hosts     = !+relay_from_hosts


As a safety measure, it might be worth listing @[] in the definition of
relay_from_hosts.

Regards,
-Phil