Q0705
How can I use tcpwrappers in conjunction with Exim?
Exim's own control facilities can do all that tcpwrappers can do.
However, if you are already using tcpwrappers for other things it might
be convenient to include Exim controls in the same place. First of all,
ensure that Exim is built to call the tcpwrappers library, by including
USE_TCPWRAPPERS=yes in Local/Makefile. You also need to ensure that
the header file tcpd.h is available at compile time, and the
libwrap.a library is available at link time, typically by including it
in EXTRALIBS. You may need to copy these two files from the
tcpwrappers build directory to, for example, /usr/local/include and
/usr/local/lib, respectively. Then you could reference them by
CFLAGS=-I/usr/local/include
EXTRALIBS=-L/usr/local/lib -lwrap
in Local/Makefile. There are two ways to make use of the functionality, depending on how you have tcpwrappers set up. If you have it set up to use only one file, you ought to have something like:
/etc/hosts.allow:
exim : <client_list> : <allow_or_deny>
For example:
exim : LOCAL 192.168.0. .friendly.domain special.host : ALLOW
exim : ALL : DENY
This allows connections from local hosts (chiefly localhost), from the subnet 192.168.0.0/24, from all hosts in *.friendly.domain, and from a specific host called*special.host*. All other connections are denied. If you have tcpwrappers set up to use two files, use the following:
/etc/hosts.allow:
exim : <client_list>
/etc/hosts.deny:
exim : <client_list>
Read the hosts_access man page for more ways of specifying clients, including ports, etc., and on logging connections.
- How do I block unwanted messages from outside my host?
- I don't want to block spam entirely; how can I inspect each message
- How can I test that my spam blocks are working?
- How can I test that Exim is correctly configured to use a DNS black list
- How can I use tcpwrappers in conjunction with Exim?
- How can I get POP-auth-before-relay (aka POP-before-SMTP) support in
- I have one or two cases where my host correctly rejects messages, but
- How can I run customized verification checks on incoming addresses?
- Does Exim apply RBL checks to error messages, those with an envelope
- I want to reject certain sender-recipient combinations, with a specific
- Will Exim allow me to create a file of regexs and match incoming
- I've hacked sendmail to make an ioctl call at the time of the SMTP RCPT
- I'd like to pass all messages through a virus-scanning system before
- Is there a way to configure Exim to reject mail to a certain local host?
- How can I get Exim to remove attachments from messages?
- How can I arrange for each user to have a file listing the only sender
- When using Nessus on a system that runs Exim, a number of security
- Could anyone points me to right rules to prevent sending/receiving
- I would like to have a per-user limit for the maximum size of messages
- I set
accept hosts=192.168.122.96/32in order to accept mail for - I have POP-before-SMTP set up on my Exim server, but some clients use
- I installed Amavis and it is working, but bounces are simply vanishing.
- I can't get Pine to work with PLAIN authentication; Exim keeps
- I have used
:fail:in some aliases; when one of these addresses is refused, I see the message on the log, but the response to the remote user is unknown user > instead of the message from the alias file. How can I change this? - I've set up some specific rejection messages for certain recipients, but
- My SMTP authentication can be bypassed by sending an unknown user name
- When a message has many recipients, how can I stop SpamAssassin_ from
- How do I use Exiscan, SA-Exim, SpamAssassin_, Clam Antivirus, Sophos
- How can I screen out addresses that are neither valid usernames or
- How can I use the same passwords for SMTP authentication as I use for
- Is there any defence I can use against spam sent through an open proxy?
- I would like to either warn or deny when a host uses an underscore in
- Is there any way to tell Exim not to lookup the IP address against any
- How do MailScanner_ and Exiscan compare? What are the pros and cons?
- How can I block non-FQDNs in HELO/EHLOs?
- Is it possible to tell exim to drop the connection after a server
- Is there some way to tell Exim not to consider 127.0.0.1 as a valid MX?
- How can I configure Exim to delay the SMTP connection if more than 10
- Does Exim support SPF?
- How can I change the MAIL FROM address that is used for callouts?
- How can I get Outlook Express to use TLS when authenticating?
- How do I stop Exim being an open relay?
- What should I put in my acl_smtp_rcpt?
- I've got a queue full of "bounce" messages. How do I get rid of them?