John Horne wrote:
> On Wed, 2009-11-18 at 22:07 -0500, Joe Doehler wrote:
>> I have been using Exim for 10+ years as a hobbyist, but I have never
>> touched the ACL until this week: I have been doing all my filtering in
>> "local_scan()". My first try at using the ACL does not work. Because all
>> the outgoing mail from my domain originates from a local network, I am
>> trying to deny mail with the following properties:
>> - Source from public IP addresses
>> - And return address that uses my domain name, that I consider spoofed.
>>
>> In the "acl_check_rcpt" section, I write:
>> deny message = Some message
>> domains = +local_domains
>> hosts = !+relay_from_hosts
>>
>> What results from this is that all mail from public IP addresses is
>> denied - not the intent. I am missing something elementary, but I do not
>> know what it is. Help would be appreciated.
>>
You are not checking to see if your domain is being spoofed.
deny message = some message
domains = +local_domains
hosts = !+relay_from_hosts
condition = ${if {match_domain
{$sender_address_domain}{+local_domains} {true}{false}}
The above should do the job. (The condition line might appear to across
2 lines but it is actually one line)
>> If this helps, here is the list definition:
>>
>> domainlist local_domains = @ : localhost : mylastname.us :
>> localhost.localdomain
>> domainlist relay_to_domains =
>> hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.0/8
> ^^^^^^^^^^^^^
>
> Minor point - shouldn't that be 192.168.0.0/16 or 192.168.1.0/24 or even
> 192.0.0.0/8.
>
agreed
HTH
cya
Andrew
>
>
> John.
>
