I have done this:

In MAIL FROM acl:

  accept
    authenticated = *
    sender_domains = +local_domains
    hosts = +relay_from_hosts
    set acl_m0 = authorizedrelay
  deny
    message = You can't spoof the domains this server is authoritative for
    sender_domains = ^(?i)(.*\\.sebbe|sebbe)\\.eu\$ : +local_domains
  deny
    message = Local users must authenticate
    hosts = +relay_from_hosts

Description:
The first rule lets authenticated (both correct username/password but
also correct IP) through. Also it sets a variable so it "remembers"
that the user in question is authorized for RCPT and MAIL checks.
I have also enabled so it doesn't announce AUTH to unauthorized IPs so
it's a double-check there.
If not authenticated, the MAIL FROM may not end in "sebbe.eu".
The third rule, that enforces local users in local net to
authenticate, is a dirty check just to prevent virus/bot software from
mailing.

In RCPT TO acl:

  accept
    condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}}
    control = submission/sender_retain
    control = dkim_disable_verify
  require
    message = relay not permitted
    domains = +local_domains

Description: This accepts mail that is authorized (in the MAIL stage)
regardless of destination, and also sets submission fixup and DKIM
disable. Else it will reject mails that are not destined for a local
mailbox.

In DATA acl:

  deny
    message = You can't spoof the MIME From this server is authoritative for
    condition = ${if match {$h_from:}{sebbe\\.eu}{yes}{no}}
    condition = ${if eq {$acl_m0}{authorizedrelay}{no}{yes}}
  deny
    message = Authorized relayed messages MUST have a local MIME From
    condition = ${if match {$h_from:}{@sebbe\\.eu>\$}{no}{yes}}
    condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}}

Description:
This disables local spoofing in MIME From.
And requires local address for authorized users, to prevent bot/virus
software from spoofing it, so any breach becomes more traceable.
In addition, I have enabled SPF and made "softfail" and "hardfail"
both end up in a reject, which also cuts down on a LOT of spoofing.

On Sat, 19 Jan 2019 at 12:51, Sławomir Dworaczek via Exim-users
<exim-users@???> wrote:
>
> Hello
> How to block sending mail from my host to my host users without authorization, so that in the future there are no such situations
> 41.56.57.80 is not my ip address
>
> Return-path: <katowice@???>
> Envelope-to: katowice@???
> Delivery-date: Sat, 19 Jan 2019 09:44:50 +0100
> Received: from exim by domain.dot.com with bogodone (Exim 4.91)
> (envelope-from <katowice@???>)
> id 1gkmFF-0002yr-NK
> for katowice@???; Sat, 19 Jan 2019 09:44:50 +0100
> Received: from [41.56.57.80]
> by domain.dot.com with esmtp (Exim 4.91)
> (envelope-from <katowice@???>)
> id 1gkmFE-0002ym-UR
> for katowice@???; Sat, 19 Jan 2019 09:44:49 +0100
> Message-ID: <B7A688EC4A99C22E3F1175D3005BB7A6@ORMX1OT69>
> From: <katowice@???>
> To: <katowice@???>
>
> regards
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
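
The three ACL stages from the reply above, modelled in Python so the policy can be checked against sample SMTP sessions; this is an added example, not part of either message and not Exim code. The relay host, the local domain list, the sample sessions (with sebbe.eu standing in for the elided domain of the quoted message) and the fall-through to accept after the rules shown are assumptions.

```python
import re

# Constructed stand-ins: the post does not show its host or domain lists.
RELAY_HOSTS = {"192.0.2.10"}       # plays the role of +relay_from_hosts
LOCAL_DOMAINS = {"sebbe.eu"}       # plays the role of +local_domains
SENDER_RE = re.compile(r"^(.*\.sebbe|sebbe)\.eu$", re.I)  # regex from the post

def domain(addr):
    return addr.rpartition("@")[2].lower()

def acl_mail(s):
    local = domain(s["mail_from"]) in LOCAL_DOMAINS
    if s["auth"] and local and s["host"] in RELAY_HOSTS:
        s["acl_m0"] = "authorizedrelay"   # remembered for RCPT and DATA
        return None
    if local or SENDER_RE.match(domain(s["mail_from"])):
        return "spoofed local envelope sender"
    if s["host"] in RELAY_HOSTS:
        return "local users must authenticate"
    return None   # assumption: rules not shown in the post accept the rest

def acl_rcpt(s):
    if s.get("acl_m0") == "authorizedrelay":
        return None
    return None if domain(s["rcpt"]) in LOCAL_DOMAINS else "relay not permitted"

def acl_data(s):
    authorized = s.get("acl_m0") == "authorizedrelay"
    if not authorized and re.search(r"sebbe\.eu", s["h_from"]):
        return "spoofed local From header"
    if authorized and not re.search(r"@sebbe\.eu>$", s["h_from"]):
        return "authorized relay without local From header"
    return None

def run_session(session):
    """Return the stage of the first deny ("MAIL", "RCPT", "DATA") or "accept"."""
    s = dict(session)
    for stage, acl in (("MAIL", acl_mail), ("RCPT", acl_rcpt), ("DATA", acl_data)):
        if acl(s):
            return stage
    return "accept"

# Constructed session modelled on the quoted message: unauthenticated outside
# host, local address as envelope sender, recipient and From header.
QUOTED = {"host": "41.56.57.80", "auth": False, "mail_from": "katowice@sebbe.eu",
          "rcpt": "katowice@sebbe.eu", "h_from": "<katowice@sebbe.eu>"}

if __name__ == "__main__":
    print(run_session(QUOTED))                                      # MAIL
    print(run_session({**QUOTED, "mail_from": "x@example.net"}))    # DATA
```

In this model an authenticated sender whose From header is a bare `user@sebbe.eu` without angle brackets is denied at DATA, because the second DATA pattern requires a trailing `>`.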