Re: [exim] ACL Question

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Andrew
Date:  
À: John Horne
CC: Exim users
Sujet: Re: [exim] ACL Question
John Horne wrote:
> On Wed, 2009-11-18 at 22:07 -0500, Joe Doehler wrote:
>> I have been using Exim for 10+ years as a hobbyist, but I have never
>> touched the ACL until this week: I have been doing all my filtering in
>> "local_scan()". My first try at using the ACL does not work. Because all
>> the outgoing mail from my domain originates from a local network, I am
>> trying to deny mail with the following properties:
>> - Source from public IP addresses
>> - And return address that uses my domain name, that I consider spoofed.
>>
>> In the "acl_check_rcpt" section, I write:
>> deny    message = Some message
>>         domains = +local_domains
>>         hosts   = !+relay_from_hosts

>>
>> What results from this is that all mail from public IP addresses is
>> denied - not the intent. I am missing something elementary, but I do not
>> know what it is. Help would be appreciated.
>>


You are not checking to see if your domain is being spoofed.


deny   message = some message
        domains = +local_domains
        hosts   = !+relay_from_hosts    
      condition = ${if {match_domain 
{$sender_address_domain}{+local_domains} {true}{false}}



The above should do the job. (The condition line might appear to across
2 lines but it is actually one line)

>> If this helps, here is the list definition:
>>
>> domainlist local_domains = @ : localhost : mylastname.us : 
>> localhost.localdomain
>> domainlist relay_to_domains =
>> hostlist   relay_from_hosts = 127.0.0.1 : 192.168.1.0/8
>                                             ^^^^^^^^^^^^^

>
> Minor point - shouldn't that be 192.168.0.0/16 or 192.168.1.0/24 or even
> 192.0.0.0/8.
>


agreed


HTH
cya
Andrew

>
>
> John.
>