Steve Sobol wrote: > On Fri, 22 Sep 2006, W B Hacker wrote: > > >>May be just my contrarian view of semantics, but I interpret that as: >> >>"Accept mail for (most) domains from any source." >> >>"Accept mail from (certain specific) domains ONLY from (one, or a short >>list of) specific IP(s). > > > 100% correct, but I forgot to mention that the restricted domains still > need to be able to accept authenticated connections from anywhere. > > But I think the method you're describing should be extensible to > authenticated connections pretty easily. I am going to try it. > > Thanks, > Steve >
Oh, we DO that. Specifically, we check for relay_hosts and 'authenticated' *first*, even using separate (non-standard) ports and protocols to give our Mac & *BSD users a leap right over SA checking, while scanning both of our remaining Win-Lusers traffic in both directions to protect others. acl_(x) as flags are very handy when the action must take place in a different smtp-phase than the detection, AND/OR the 'detection' tests are multi-part or modified by other events. If there is a limit to Exim's flexibility, I have yet to hit it... ;-) Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
