009/1/2 Frank DeChellis <[email protected]>: > > Can anybody offer me a quick set of rules that would compare the ip source > of an email listed in local_domains vs the Ips in relay_from_hosts? This is > for mail coming in from outside? > > Sort of this line of thinking: > 1. Is the domain of the email listed in local_domains? > 2. Yes? Ok, is the source IP listed in relay_from_hosts? > 3. Yes? Move one > 4. No? Reject it.
Logic looks good. Bear in mind you'll probably have a few false positives - mail sent from some websites deliberately 'forges' the sender address (probably bad practice, but it might be important to you), and road-warrior mail sent from an external source to local addresses with local sender address. > > I'm trying to stop the avalanche of emails pretending to come from our > system that are avoiding or spam filter. > > I'm thinking it goes under acl_smtp_data > > deny message = local domain sent from illegal host > sender_domains = +sender_domains > hosts = !+relay_from_hosts > > Am I on the right track? Definitely. I'd put it in the RCPT ACL to deny the mail as early as possible. Oh, and calling the domainlist '+sender_domains' is either confusing, illegal or both, not sure which. Peter -- Peter Bowyer Email: [email protected] Follow me on Twitter: twitter.com/peeebeee -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
