Re: [exim] outbound discard all filter for cpanel twisted ex…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Mike Brudenell
Datum:  
To: Exim Users
Betreff: Re: [exim] outbound discard all filter for cpanel twisted exim
Hi, Brian -

On 17 February 2017 at 00:45, ping murder <pingmurder@???> wrote:

> re-reading your reply - it looks like an ACL might work (as long as cPanel
> updates don't clear them out) but would you have an example of a discard
> ACL for all mail?



Assuming I'm not going totally crackers (it is Friday, after all!),
wouldn't this ACL do the job?

In your *acl_smtp_mail* ACL put the one line


discard


With no conditions in place it'll always operate. In the *Exim
Specification* section *13. ACL return codes
<http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECID196>*
says:

If the ACL for MAIL returns “discard”, all recipients are discarded, and no
ACL is run for subsequent RCPT commands. The effect of “discard” in a RCPT
ACL is to discard just the one recipient address. If there are no
recipients left when the message’s data is received, the DATA ACL is not
run.


Do having the ACL that runs in response the MAIL FROM that selects
*discard* unconditionally
should discard all recipients for that incoming message, meaning the
message won't be delivered.

Using *discard* rather than *deny* means the sending system thinks their
message has been accepted so removes the outgoing message from its queue.
The receiving Exim discards it. Done.

Well, maybe not quite: you probably need an equivalent *acl_not_smtp* ACL
entry to also pick up and discard messages being submitted on the WP server
from the command line — eg, being piped into the exim/mail/sendmail
commands.

However as Chris suggests, you might find it valuable to create an SMTP
server that accepts and silently discards all incoming mail (eg, using the
above) and have your numerous client PHP servers send their email to it.
That would indeed give you a single place where all attempts to send
outgoing message would go so you could monitor its logs and look for
unexpected activity, helping to idnetify WP systems that had been
compromised.

Cheers,
Mike B-)

--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm