[exim] Spoof prevention acl

Fri, 14 Jun 2013 00:42:16 -0700 

Hi,

I am trying to add spoof prevention acl at acl_smtp_datacustom [which
inturn calls acl_smtp_data]. But the problem is its rejecting incoming
mails as well at times. The acl I used was:

----------------------------------------------------------
acl_smtp_data = acl_smtp_data_custom

acl_smtp_data_custom:

# Deny Messages if their to/from is not hosted in the server (Spoof
prevention)
   discard message = Message denied - From address spoofing attempt
detected via SMTP ( From address: $h_from )
   ! condition = ${if match{$h_from:}{$primary_hostname} {true}{false}}
   ! condition = ${if eq{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}{${lookup{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}lsearch{/etc/localdomains}{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}{false}}}}
   ! condition = ${if eq{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}{${lookup{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}lsearch{/etc/remotedomains}{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}{false}}}}
   ! condition = ${if eq{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}{${lookup{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}lsearch{/etc/localdomains}{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}{false}}}}
   ! condition = ${if eq{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}{${lookup{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}lsearch{/etc/remotedomains}{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}{false}}}}

   warn
     set acl_m_accepted = no
     acl = acl_smtp_data
     set acl_m_accepted = yes

   accept
     condition = ${acl_m_accepted}

# END acl_smtp_data_custom
----------------------------------------------------------

The logic is like,

If either from address domain part or to address domain part is in files
/etc/remotedomains or /etc/localdomains then allow to send mail.

I am not sure where I am wrong. I tried to use the same acl in
acl_smtp_predata, but $h_to, $h_from dosen't have values at the acl.

Is there any other way I can do it. Please assist.


-- 
Regards,
Soumya
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to