Re: [exim] restricting sending domain

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] restricting sending domain
Jonathan Gilpin via Exim-users <exim-users@???> (Mi 08 Nov 2017 23:13:07 CET):
> hi!
>
> I am trying to restrict Authenticated users from sending from a domain name other than those designated as local domains.
>


… isn't that the question we had yesterday in #exim?

> in acl_smtp_rcpt
>
> I have the following code:
>
> deny  log_message      = Sender trying to send from an unapproved domain name.
>       authenticated    = *
>       sender_domains   = !+local_domains
>       message          = You must send from an approved domain name.

>
> Where local_domains is defined by
>
> domainlist local_domains = mysql;MYSQL_Q_LDOMAIN
>
> and
>
> MYSQL_Q_LDOMAIN=SELECT SQL_CACHE DISTINCT domaintable.domain FROM domaintable LEFT JOIN accounts ON domaintable.domain = accounts.domain WHERE domaintable.domain='$domain' and accounts.active = '1'
>
> Could someone please point out where I am going wrong as this is rejecting all domains?


Assume a local domain as 'example.local' and the remote domain as
'example.remote'. Now your user is sending a message

    hans@??? ⇒ fred@???



The +local_domains list would be empty now, as the resulting SQL query
is about "SELECT … WHERE domaintable.domain='example.remote'…". You're
using $domain in your query, which is perfectly right for inbound
messages, to check if they're for your system. But for outbound messages
you need to use $sender_address_domain there.

And, to reiterate myself from #exim: Do not forget to have a final 'accept'
in your acl_check_rcpt, as there is an invisible implicit deny at the
very end, which applies unless you do an accept explicitly.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
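
The fix described in the reply above, written out as a configuration fragment. This is an added example, not part of the original message or of anyone's actual configuration; the names MYSQL_Q_SENDER_LDOMAIN and sender_local_domains are hypothetical, and the ${quote_mysql:...} wrapping is an addition the thread does not mention.

```exim
# Added example. Table and column names are taken from the question;
# MYSQL_Q_SENDER_LDOMAIN and sender_local_domains are hypothetical names.

# --- main configuration section ---

# Inbound use, as in the question: $domain is the *recipient* domain.
# quote_mysql (added here) escapes the SMTP-supplied value before it
# reaches the SQL string.
MYSQL_Q_LDOMAIN = SELECT SQL_CACHE DISTINCT domaintable.domain \
    FROM domaintable \
    LEFT JOIN accounts ON domaintable.domain = accounts.domain \
    WHERE domaintable.domain='${quote_mysql:$domain}' \
    AND accounts.active = '1'

domainlist local_domains = mysql;MYSQL_Q_LDOMAIN

# Outbound use: the same query keyed on the envelope sender's domain.
# A separate list keeps +local_domains working for inbound routing.
MYSQL_Q_SENDER_LDOMAIN = SELECT SQL_CACHE DISTINCT domaintable.domain \
    FROM domaintable \
    LEFT JOIN accounts ON domaintable.domain = accounts.domain \
    WHERE domaintable.domain='${quote_mysql:$sender_address_domain}' \
    AND accounts.active = '1'

domainlist sender_local_domains = mysql;MYSQL_Q_SENDER_LDOMAIN

# --- ACL section ---

acl_check_rcpt:

  # Authenticated clients may only use a sender domain that the lookup
  # above returns as active.
  deny  log_message    = Sender trying to send from an unapproved domain name.
        authenticated  = *
        sender_domains = !+sender_local_domains
        message        = You must send from an approved domain name.

  # The site's existing RCPT checks (relay control, recipient
  # verification, and so on) stay here, ahead of the final accept.

  # Explicit final accept; without it the implicit deny at the end of
  # the ACL rejects every recipient.
  accept
```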