[exim] Re: How to restrict client login through IP whitelist

Góra strony
Delete this message
Reply to this message
Autor: Jasen Betts
Data:  
Dla: exim-users
Temat: [exim] Re: How to restrict client login through IP whitelist
On 2024-03-26, TomNewChao via Exim-users <exim-users@???> wrote:
> Thanks for your apply.
>    I have read your information about `https://github.com/Exim/exim/wiki/BlockCracking`. The main purpose is to modify the configuration to prevent user attacks through frequency limiting. However, it doesn't meet my needs. I wonder if we can add an IP whitelist to allow emails sent by specified users through login. For accepting emails from other MTAs, just release them directly.
> The config As follows in acl_check_rcpt:
> `
>       accept
>         authenticated = *
>         control = submission/sender_retain
>         control = dkim_disable_verify
>         condition = ${if match_ip{$sender_host_address}{172.20.0.0/16 : 127.0.0.1 : ::::1 : 192.168.1.0/24}}
>       deny
>         message = Your IP address $sender_host_address is not allowed to send mail.
> `
>
>
> But it will block all mailboxes, including those sent by logging in with username and password and mails received from other MTAs. I just want to block mails sent by logging in with username and password, not mails forwarded by other MTAs. Is there a better approach here?



Before the deny (or even before the first accept) 
there should be another accept for those other messages,

  accept 
    domains= +local_domains
    verify = recipient
    
or something like that.

>



--
Jasen.
🇺🇦 Слава Україні

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/