On 26/01/2010 09:49, Dave Evans wrote:
>>> The only means by which I think I can restrict traffic so that it *truly*
>>> comes from within the hotel's IP address, is to make it so that the emails
>>> must have *only one* 'Received: from' header.
>>>
>>> If the email was truly from just within the hotel's network, it would only
>>> have the header below (i.e. only one 'Received: from' header)
>>>
>>> Any way to do this?
>>
>> I think you should be able to put this in your acl_smtp_data acl:
>>
>> deny condition = ${if !eq{$h_Received:}{}}
>> message = Received headers not allowed
>>
>> MUAs shouldn't be adding their own received headers before submitting
>> messages to your server.
>
> Messages can legitimately have more than one "Received" header (though
> admittedly one is by far the most common case). You may end up blocking some
> legit mail by mistake.
As I understand it, for his scenario, he only wants to accept email from
MUAs. I don't know of a case where an MUA would add a Received header to
an email when constructing it?
> Also, isn't Exim's own "Received" header added before the acl_smtp_data is
> run?
I don't know.
> In which case that above ACL would block *all* mail? I would have
> thought you'd want something like (totally untested):
>
> condition = ${if match{$h_Received:}{\\n}}
Received headers usually have newlines in them. Possibly better to check
for:
condition = ${if match{$h_Received:}{\N\nReceived: \N}}
Or:
condition = ${if match{$h_Received:}{\N\nfrom \N}}
I can't remember how it works. The person who started this thread can test.
--
Mike Cardwell : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/
Spamalyser : Spam Tool - http://spamalyser.com/
