[exim] ACL Troubles.....

Author: Jeremy Davila
Date:  
To: exim-users
Subject: [exim] ACL Troubles.....
I implemented the following ACLs in my exim config file. But when our
mail servers on the LAN relay to this exim server on the DMZ, these are
put into play, when I want the rules to work from the outside world. Not
from my own trusted servers. Any help will be greatly appreciated.

hostlist relay_from_hosts = (I allowed my subnet in this area, X.X.X.X/24)

acl_check_rcpt:

# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.

  accept  hosts = :
          control = dkim_disable_verify


  deny  message         = You cannot be localhost.localdomain in the internet
        logwrite        = :reject:  HELO is faked as localhost.localdomain
        condition       = ${if match{$sender_helo_name}{\Nlocalhost\.localdomain\N}}


  # we're doing HELO checks here, because we can't add headers in acl_smtp_helo
  deny  message         = X-Invalid-HELO: HELO is IP only (See RFC2821 4.1.3)
        logwrite        = :reject:  HELO ($sender_helo_name) is IP only (See RFC2821 4.1.3)
        condition       = ${if isip{$sender_helo_name}}


  deny  message         = X-Invalid-HELO: HELO is no FQDN (contains no dot) (See RFC2821 4.1.1.1)
        logwrite        = :reject:  HELO ($sender_helo_name) is no FQDN (contains no dot) (See RFC2821 4.1.1.1)
        # Required because "[IPv6:<address>]" will have no .s
        condition       = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
        condition       = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}


  deny  message         = X-Invalid-HELO: HELO is no FQDN (ends in dot) (See RFC2821 4.1.1.1)
        logwrite        = :reject:  HELO ($sender_helo_name) is no FQDN (ends in dot) (See RFC2821 4.1.1.1)
        condition       = ${if match{$sender_helo_name}{\N\.$\N}}


  deny  message         = X-Invalid-HELO: HELO is no FQDN (contains double dot) (See RFC2821 4.1.1.1)
        logwrite        = :reject:  HELO ($sender_helo_name) is no FQDN (contains double dot) (See RFC2821 4.1.1.1)
        condition       = ${if match{$sender_helo_name}{\N\.\.\N}}


  deny  message         = X-Invalid-HELO: Host impersonating [$primary_hostname]
        logwrite        = :reject:  HELO ($sender_helo_name) impersonating [$primary_hostname]
        condition       = ${if match{$sender_helo_name}{$primary_hostname}{yes}{no}}
        # TODO: do not generate on loopback


  deny  message         = X-Invalid-HELO: $interface_address is _my_ address
        logwrite        = :reject:  HELO ($sender_helo_name) uses _my_ address ($interface_address)
        # [own IP] or even without brackets as HELO
        condition       = ${if or{{\
                                eq{[$interface_address]}{$sender_helo_name}\
                          }{\
                                eq{$interface_address}{$sender_helo_name}\
                          }}}


  deny  message         = X-Invalid-HELO: no HELO 
        logwrite        = :reject:  no HELO ($sender_helo_name)
        condition       = ${if !def:sender_helo_name}
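
One way to keep these checks away from trusted relays, as an added example that is not part of the original post: make a negated `hosts` test on `relay_from_hosts` the first condition of each `deny`. The `192.0.2.0/24` network is a constructed placeholder for the subnet the post elides; two of the post's rules are shown, and the remaining rules take the same first line.

```exim
# Constructed placeholder network; substitute the real LAN subnet.
hostlist relay_from_hosts = 192.0.2.0/24

acl_check_rcpt:

  accept  hosts = :
          control = dkim_disable_verify

  # Conditions and modifiers in a statement are processed top to bottom and
  # processing stops at the first condition that fails. With the host test
  # first, a connection from relay_from_hosts fails "!hosts" immediately,
  # so the HELO test is never evaluated and the statement does not deny.
  #
  # logwrite writes its line as soon as it is reached, so it sits after
  # the conditions here; placed before them it would log a ":reject:"
  # entry even for mail that the statement goes on to let through.
  deny  !hosts          = +relay_from_hosts
        condition       = ${if isip{$sender_helo_name}}
        message         = X-Invalid-HELO: HELO is IP only (See RFC2821 4.1.3)
        logwrite        = :reject:  HELO ($sender_helo_name) is IP only (See RFC2821 4.1.3)

  deny  !hosts          = +relay_from_hosts
        # Required because "[IPv6:<address>]" will have no .s
        condition       = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
        condition       = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
        message         = X-Invalid-HELO: HELO is no FQDN (contains no dot) (See RFC2821 4.1.1.1)
        logwrite        = :reject:  HELO ($sender_helo_name) is no FQDN (contains no dot) (See RFC2821 4.1.1.1)
```

A fake SMTP session started with `exim -bh 192.0.2.10` (a constructed address inside the placeholder network) shows which ACL statements fire for a trusted host without delivering any mail.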