On 2009-10-23 at 22:28 +0000, [email protected] wrote: > On a test server I have set up, I'm attempting to reject senders where > the sender domain has an MX record pointing to an internal (or > reserved) IP address. Reading the Exim documentation, this is what > I've come up with: > [ snip complicated ACL rules ] > > /usr/local/etc/exim/reserved_ip_space has a list of IP address ranges > in CIDR format of all the internal (or reserved) IP space. > > It is working as expected. I am just curious if there is an alternate > or reduced way of performing the same results.
Yes. You don't route messages to those addresses. Then the "verify = sender" in your ACL (somewhere), will fail and the message will be rejected. The sender verify by default stops as soon as it has a method of delivery which goes off-host, so you need a DNS lookup which lets the dnslookup be used. If you do not use a smarthost, then something like: dnslookup: driver = dnslookup domains = ! +local_domains transport = remote_smtp ignore_target_hosts = +bad_host_addresses where +bad_host_addresses is a hostlist; you might define it in the main config as: hostlist bad_host_addresses = /usr/local/etc/exim/reserved_ip_space If you do use a smarthost, then you probably want to use "no_verify" on the smarthost and then have a dnslookup Router, like the one above, but with "verify_only" set on it. Regards, -Phil -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
