Re: [exim] acl to deny senders

Top Page
Delete this message
Reply to this message
Author: Lena
Date:  
To: exim-users
Subject: Re: [exim] acl to deny senders
> From: Judy Angel

> I have a number of local users that I wish to block from sending email.
>
> I have the acl below in place and when I test with exim -bs I see the deny
> message but when the local user sends an email it is delivered.
> The aliases.deny file has the users email address
> What have I overlooked?


What exactly do you call "local users"?
CGI scripts or shell users on the same machine as Exim?
Such scripts or shell users can send mail in two ways: via SMTP to localhost
or by invoking Exim binary (usually passing header and body to it via a pipe).

> acl_smtp_data = acl_check_sender


It's called only if submission is via SMTP.

> begin acl
>  acl_check_sender:
>       deny message = "Please use private email"
>      senders = /var/exim/data/aliases.deny


"senders" is better used in acl_smtp_rcpt than in acl_smtp_data.
But you need to use also acl_not_smtp.

But more importantly, sender easily can be forged
(especially if submission is via SMTP),
i.e. your protection easily can be circumwented.
You need a way to determine which user it is
other than with "senders".