Quoting Phil Pennock <[email protected]>:

> On 2009-10-23 at 22:28 +0000, [email protected] wrote:
>> On a test server I have set up, I'm attempting to reject senders where
>> the sender domain has an MX record pointing to an internal (or
>> reserved) IP address. Reading the Exim documentation, this is what
>> I've come up with:
>>
> [ snip complicated ACL rules ]
>>
>> /usr/local/etc/exim/reserved_ip_space has a list of IP address ranges
>> in CIDR format of all the internal (or reserved) IP space.
>>
>> It is working as expected. I am just curious if there is an alternate
>> or reduced way of performing the same results.
>
> Yes. You don't route messages to those addresses. Then the "verify =
> sender" in your ACL (somewhere), will fail and the message will be
> rejected. The sender verify by default stops as soon as it has a method
> of delivery which goes off-host, so you need a DNS lookup which lets the
> dnslookup be used.
>
> If you do not use a smarthost, then something like:
>
> dnslookup:
>   driver = dnslookup
>   domains = ! +local_domains
>   transport = remote_smtp
>   ignore_target_hosts = +bad_host_addresses
>
> where +bad_host_addresses is a hostlist; you might define it in the main
> config as:
>   hostlist bad_host_addresses = /usr/local/etc/exim/reserved_ip_space
>
> If you do use a smarthost, then you probably want to use "no_verify" on
> the smarthost and then have a dnslookup Router, like the one above, but
> with "verify_only" set on it.

Thanks. I see my complex ACL rule can be replaced by a simple router that would reject when the 'verify = sender' is used.
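
The smarthost variant described in the quoted reply, written out as an added example (it is not configuration posted by anyone in this thread). The router names verify_dns and smarthost and the host smarthost.example.net are assumptions; the hostlist, file path and options are the ones named in the reply.

```exim
# --- main configuration section ---
# File of CIDR ranges, one per line, covering internal/reserved space.
hostlist bad_host_addresses = /usr/local/etc/exim/reserved_ip_space

# --- routers section (routers are tried in the order listed) ---

# Runs only during address verification, never for real delivery.
# Addresses found for the domain's MX/A records that match the hostlist
# are discarded. If every address is discarded the router declines; the
# smarthost router below is skipped during verification, so the address
# ends up unrouteable and "verify = sender" fails.
verify_dns:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = +bad_host_addresses
  verify_only

# Performs the actual delivery through the smarthost. no_verify keeps it
# out of verification; otherwise it would accept any remote domain and
# the check above would never cause a rejection.
smarthost:
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp
  route_list = * smarthost.example.net   # assumed smarthost name
  no_verify

# --- ACL section: the rejection itself still comes from the ACL ---
# (inside acl_check_rcpt or acl_check_mail)
#   require verify = sender

# Check the result without sending mail (placeholder address):
#   exim -bvs someone@domain.example
```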
