Q0743
Mike Shulman edited this page Aug 7, 2014
·
3 revisions
What should I put in my acl_smtp_rcpt?
Often, people want to arrange their RCPT ACL something like this:
-
Accept anything locally generated:
accept hosts = : -
Accept anything from authenticated users:
accept authenticated = * -
Accept anything from the local network:
accept hosts = +local_network- here you have to decide what "local_network" means - for
example, you might want to define it as
192.168.0.0/16
- here you have to decide what "local_network" means - for
example, you might want to define it as
-
Reject non-local domains:
deny domains = !+local_domains message = Relaying denied- this is what stops your Exim from being an open relay. Again,
you have to decide what
local_domainsmeans.
- this is what stops your Exim from being an open relay. Again,
you have to decide what
-
Reject invalid recipients:
require verify = recipient- this causes Exim to check that the recipient is routeable.
For example,
bob@your.example.commight exist, butlktjnho@your.example.commight not. Usingverify = recipient, in conjunction with the right router configuration, causes Exim to reject the bad addresses at RCPT time.
- this causes Exim to check that the recipient is routeable.
For example,
-
If you want to add extra checks (such as consulting DNS blacklists, or rejecting "bounce" messages with large numbers of recipients), this would be a good place to do add them.
-
Accept the rest:
accept
But as long as you don't configure Exim to be an open relay, the details are entirely up to you.
For more information, see the Exim Specification:
- How do I block unwanted messages from outside my host?
- I don't want to block spam entirely; how can I inspect each message
- How can I test that my spam blocks are working?
- How can I test that Exim is correctly configured to use a DNS black list
- How can I use tcpwrappers in conjunction with Exim?
- How can I get POP-auth-before-relay (aka POP-before-SMTP) support in
- I have one or two cases where my host correctly rejects messages, but
- How can I run customized verification checks on incoming addresses?
- Does Exim apply RBL checks to error messages, those with an envelope
- I want to reject certain sender-recipient combinations, with a specific
- Will Exim allow me to create a file of regexs and match incoming
- I've hacked sendmail to make an ioctl call at the time of the SMTP RCPT
- I'd like to pass all messages through a virus-scanning system before
- Is there a way to configure Exim to reject mail to a certain local host?
- How can I get Exim to remove attachments from messages?
- How can I arrange for each user to have a file listing the only sender
- When using Nessus on a system that runs Exim, a number of security
- Could anyone points me to right rules to prevent sending/receiving
- I would like to have a per-user limit for the maximum size of messages
- I set
accept hosts=192.168.122.96/32in order to accept mail for - I have POP-before-SMTP set up on my Exim server, but some clients use
- I installed Amavis and it is working, but bounces are simply vanishing.
- I can't get Pine to work with PLAIN authentication; Exim keeps
- I have used
:fail:in some aliases; when one of these addresses is refused, I see the message on the log, but the response to the remote user is unknown user > instead of the message from the alias file. How can I change this? - I've set up some specific rejection messages for certain recipients, but
- My SMTP authentication can be bypassed by sending an unknown user name
- When a message has many recipients, how can I stop SpamAssassin_ from
- How do I use Exiscan, SA-Exim, SpamAssassin_, Clam Antivirus, Sophos
- How can I screen out addresses that are neither valid usernames or
- How can I use the same passwords for SMTP authentication as I use for
- Is there any defence I can use against spam sent through an open proxy?
- I would like to either warn or deny when a host uses an underscore in
- Is there any way to tell Exim not to lookup the IP address against any
- How do MailScanner_ and Exiscan compare? What are the pros and cons?
- How can I block non-FQDNs in HELO/EHLOs?
- Is it possible to tell exim to drop the connection after a server
- Is there some way to tell Exim not to consider 127.0.0.1 as a valid MX?
- How can I configure Exim to delay the SMTP connection if more than 10
- Does Exim support SPF?
- How can I change the MAIL FROM address that is used for callouts?
- How can I get Outlook Express to use TLS when authenticating?
- How do I stop Exim being an open relay?
- What should I put in my acl_smtp_rcpt?
- I've got a queue full of "bounce" messages. How do I get rid of them?