FAQ / Policy controls / Q0743

Q0743

Question

What should I put in my acl_smtp_rcpt?

Answer

Often, people want to arrange their RCPT ACL something like this:

• Accept anything locally generated:

      accept hosts = :

• Accept anything from authenticated users:

      accept authenticated = *

• Accept anything from the local network:

      accept hosts = +local_network

  - here you have to decide what "local_network" means - for example, you might want to define it as 192.168.0.0/16

• Reject non-local domains:

      deny domains = !+local_domains
           message = Relaying denied

  - this is what stops your Exim from being an open relay. Again, you have to decide what local_domains means.

• Reject invalid recipients:

      require verify = recipient

  - this causes Exim to check that the recipient is routeable. For example, bob@your.example.com might exist, but lktjnho@your.example.com might not. Using verify = recipient, in conjunction with the right router configuration, causes Exim to reject the bad addresses at RCPT time.

• If you want to add extra checks (such as consulting DNS blacklists, or rejecting "bounce" messages with large numbers of recipients), this would be a good place to do add them.

• Accept the rest:

      accept

But as long as you don't configure Exim to be an open relay, the details are entirely up to you.

For more information, see the Exim Specification:

• Access Control Lists

• the ACL section of the default configuration file

FAQ / Policy controls / Q0743

CategoryFrequentlyAskedQuestions