[exim] Spoof prevention acl

Author: soumya tr
Date:  
To: exim-users@exim.org
Subject: [exim] Spoof prevention acl
Hi,

I am trying to add a spoof prevention acl at acl_smtp_data_custom [which
in turn calls acl_smtp_data]. But the problem is it's rejecting incoming
mails as well at times. The acl I used was:

----------------------------------------------------------
acl_smtp_data = acl_smtp_data_custom

acl_smtp_data_custom:

# Deny Messages if their to/from is not hosted in the server (Spoof prevention)
   discard
     message = Message denied - From address spoofing attempt \
               detected via SMTP ( From address: $h_from )
     ! condition = ${if match{$h_from:}{$primary_hostname} {true}{false}}
     ! condition = ${if eq{${sg{${extract{2}{@}{$h_from:}}}{>| .*}{}}}\
                   {${lookup{${sg{${extract{2}{@}{$h_from:}}}{>| .*}{}}}\
                   lsearch{/etc/localdomains}\
                   {${sg{${extract{2}{@}{$h_from:}}}{>| .*}{}}}{false}}}}
     ! condition = ${if eq{${sg{${extract{2}{@}{$h_from:}}}{>| .*}{}}}\
                   {${lookup{${sg{${extract{2}{@}{$h_from:}}}{>| .*}{}}}\
                   lsearch{/etc/remotedomains}\
                   {${sg{${extract{2}{@}{$h_from:}}}{>| .*}{}}}{false}}}}
     ! condition = ${if eq{${sg{${extract{2}{@}{$h_to:}}}{>| .*}{}}}\
                   {${lookup{${sg{${extract{2}{@}{$h_to:}}}{>| .*}{}}}\
                   lsearch{/etc/localdomains}\
                   {${sg{${extract{2}{@}{$h_to:}}}{>| .*}{}}}{false}}}}
     ! condition = ${if eq{${sg{${extract{2}{@}{$h_to:}}}{>| .*}{}}}\
                   {${lookup{${sg{${extract{2}{@}{$h_to:}}}{>| .*}{}}}\
                   lsearch{/etc/remotedomains}\
                   {${sg{${extract{2}{@}{$h_to:}}}{>| .*}{}}}{false}}}}

   warn
     set acl_m_accepted = no
     acl = acl_smtp_data
     set acl_m_accepted = yes


   accept
     condition = ${acl_m_accepted}


# END acl_smtp_data_custom
----------------------------------------------------------

The logic is like,

If either from address domain part or to address domain part is in files
/etc/remotedomains or /etc/localdomains then allow to send mail.

I am not sure where I am wrong. I tried to use the same acl in
acl_smtp_predata, but $h_to, $h_from don't have values at that acl.

Is there any other way I can do it? Please assist.


--
Regards,
Soumya
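
The string handling in the ACL above, modelled in Python as an added example (not part of the original post and not Exim code), to show which header shapes make the discard fire on legitimate inbound mail. It assumes the line-wrapped regex is `>| .*`, replaces the two domain files with in-memory sets, and uses constructed domains and a hypothetical primary hostname.

```python
import re

# Constructed stand-ins for /etc/localdomains and /etc/remotedomains.
LOCAL = {"example.org"}
REMOTE = {"mx-hosted.example"}
PRIMARY_HOSTNAME = "mail.example.org"  # hypothetical $primary_hostname


def domain_key(header):
    """Model of ${sg{${extract{2}{@}{HEADER}}}{>| .*}{}}."""
    fields = header.strip().split("@")      # extract{2}{@}: 2nd '@'-separated field
    field2 = fields[1] if len(fields) > 1 else ""
    return re.sub(r">| .*", "", field2)      # sg: drop '>' and anything after a space


def hosted(key):
    """Model of the two lsearch tests: key present in either domain list."""
    k = key.lower()                          # lsearch compares keys case-insensitively
    return k in LOCAL or k in REMOTE


def discarded(h_from, h_to):
    """The discard fires only when all five negated conditions hold."""
    if re.search(PRIMARY_HOSTNAME, h_from):  # match{$h_from:}{$primary_hostname}
        return False
    return not hosted(domain_key(h_from)) and not hosted(domain_key(h_to))


# Constructed inbound messages from an external sender.
SAMPLES = [
    ('"Alice" <alice@sender.example>', "bob@example.org"),
    ("alice@sender.example", "bob@example.org, carol@other.example"),
    ("alice@sender.example", "carol@other.example, bob@example.org"),
    ("news@list.example", "subscribers@list.example"),  # list or Bcc delivery
]

if __name__ == "__main__":
    for h_from, h_to in SAMPLES:
        verdict = "discard" if discarded(h_from, h_to) else "pass"
        print(f"{verdict:8} To-key={domain_key(h_to)!r:20} To: {h_to}")
```

Only the single-recipient message passes: with several recipients the extracted key keeps a trailing comma or names the wrong domain, and list or Bcc mail never shows a local domain in `To:` at all.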