On 2024-03-26, TomNewChao via Exim-users <exim-users@???> wrote:
> Thanks for your apply.
> I have read your information about `https://github.com/Exim/exim/wiki/BlockCracking`. The main purpose is to modify the configuration to prevent user attacks through frequency limiting. However, it doesn't meet my needs. I wonder if we can add an IP whitelist to allow emails sent by specified users through login. For accepting emails from other MTAs, just release them directly.
> The config As follows in acl_check_rcpt:
> `
> accept
> authenticated = *
> control = submission/sender_retain
> control = dkim_disable_verify
> condition = ${if match_ip{$sender_host_address}{172.20.0.0/16 : 127.0.0.1 : ::::1 : 192.168.1.0/24}}
> deny
> message = Your IP address $sender_host_address is not allowed to send mail.
> `
>
>
> But it will block all mailboxes, including those sent by logging in with username and password and mails received from other MTAs. I just want to block mails sent by logging in with username and password, not mails forwarded by other MTAs. Is there a better approach here?
Before the deny (or even before the first accept)
there should be another accept for those other messages,
accept
domains= +local_domains
verify = recipient
or something like that.
>
--
Jasen.
🇺🇦 Слава Україні
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/