On 07/28/2010 07:26 PM, Phillip Carroll wrote:
> All email from my host domains originates in the host, or arrives on the loopback interface. (All valid external senders must log in to the system via SSH, and tunnel to 127.0.0.1:25)
>
> I want to take advantage of this in the acl sections to accomplish at least the following:
>
> (1) Eliminate spam that has a forged sender that purports being from one of the host domains, but actually arrives via the public IP. (Preferably in the RCPT acl, but at least before any data scanning)
>
So, you need to rejsct on a few conditions. That's a "deny" acl, and
you can do it somewhere in the RCPT-time acl processing chain.
Add one. Look into the docs at exim.org for what conditions you can
use on ACLs. I'd suggest you select on non-127.0.0.1 in case your
public IP changes or extras are added. Select also on the (recipient)
domain claiming to be one of yours. Pick some suitably pithy message
to inform the spammer of his status in your eyes. Put a separate,
more useful, message in your logs if you feel like it.
That's about it, really.
> (2) Bypass malware scanning of all verified in-house originated emails. (But obviously not the forged ones)
If the stanza which calls the malware scan is just a deny, add at the top of it
a condition of the local-IP being not 127.0.0.1 .
If it's more complex, or you can't follow the logic, split it out into a "subroutine" acl
called using "require condition= <really not-mine> acl= <subroutine-acl>"
Cheers,
Jeremy
