Re: [exim] Block if sender and recipient domain are the same…

Top Page
This message is part of the following thread:
M+++\the complete thread tree sorted by date
MMMMMAndrew C Aitchison at <-
MMPeter Leeman at ->
Delete this message
Reply to this message
Author: Peter Leeman
Date:  
To: Mike Brudenell, exim-users@exim.org
Subject: Re: [exim] Block if sender and recipient domain are the same?
Hi Mike

Thanks for the detailed response, very informative.

Yes I did mean RFC5321 (or at least now that I have scanned the RFCs that’s what I meant) for both from and to, and it would be for a single domain.

We have decided to go for two Exim boxes, one to handle incoming the other for outgoing.  This will keep the rules simple and make diagnostics easier.

Thanks again for your time, much appreciated.

Regards,

Pete.

Please don't print this e-mail unless you really need to. Help protect our environment.

From: Mike Brudenell [mailto:mike.brudenell@york.ac.uk]
Sent: 20 March 2017 15:43
To: exim-users@???
Subject: Re: [exim] Block if sender and recipient domain are the same?

Hi, Pete -

Assuming by sender and recipient you mean the RFC5321.MailFrom and RFC5321.RcptTo addresses — ie, those in the envelope — then it should be straightforward. (You can still do it if you mean the RFC5322.From and RFC5322.To header addresses, but it's a little more complicated.)

You'll want an entry in your acl_smtp_rcpt ACL that uses either the deny or discard verb: the former issues an SMTP rejection code back to the sending server when it needs to reject a recipient address; the latter pretends to accept the recipient address but then silently discards it.

If this is to apply to a single domain name only then it's probably easiest to use the domains and sender_domains conditions to match recipient and sender domains. For example something like this (untested!):

deny
message = Users in domain-a.com<http://domain-a.com> can't send messages to domain-a.com<http://domain-a.com> recipients
domains = domain-a.com<http://domain-a.com>
sender_domains = domain-a.com<http://domain-a.com>

However if you have two or more domains to apply this to then you instead need to (1) see if the sender domain is one you're interested in and, if it is, then (2) check if the sender domain matches the recipient domain. For example something along these (untested!) lines:

# List of domain names whose users can't send to recipients within the same domain name.
domainlist blocksamedomainusers = domain-a.com<http://domain-a.com> : domain-b.com<http://domain-b.com> : domain-c.com<http://domain-c.com>

… Then in your acl_smtp_rcpt ACL …

deny
message = Users in $sender_address_domain can't send messages to $domain recipients
sender_domains = +blocksamedomainusers
condition = ${if eqi{$sender_address_domain}{$domain}}

This should work for a message someone in domain-a.com<http://domain-a.com> sends to a mix of recipients: some in the same domain and some in others: the addresses in the same domain will be rejected/discarded, but the message will still go through to recipients in other domains.

Cheers,
Mike B-)

On 20 March 2017 at 14:57, Peter Leeman <Peter.Leeman@???<mailto:Peter.Leeman@moray.gov.uk>> wrote:
Hi All

Is it possible to block an email if both the sender and recipient domain are the same?
Example - sender@???<mailto:sender@domain-a.com><mailto:sender@domain-a.com<mailto:sender@domain-a.com>> to recipient@???<mailto:recipient@domain-a.com><mailto:recipient@domain-a.com<mailto:recipient@domain-a.com>>

The reason I am looking to do this is we are going to be using Exim to handle incoming/outgoing mail for a domain hosted on Exchange so any mail for domain-a.com<http://domain-a.com> being emailed from a mailbox on domain-a.com<http://domain-a.com> will never leave exchange.  We still want a sender on domain-a.com<http://domain-a.com> to be able to email external domains, but want to prevent incoming emails destined for domain-a.com<http://domain-a.com> appearing as if they are coming from domain-a.com<http://domain-a.com>.

The only alternative I can see at this stage is to have two Exim boxes, one to handle incoming the other to handle outgoing.

Thanks for any help.

Regards,

Pete.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/



--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web:                www.york.ac.uk/it-services<http://www.york.ac.uk/it-services>
Disclaimer:        www.york.ac.uk/docs/disclaimer/email.htm<http://www.york.ac.uk/docs/disclaimer/email.htm>

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Block if sender and recipient domain are the same?Re: [exim] Block if sender and recipient domain are the same?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)