Jonathan Gilpin via Exim-users <[email protected]> (Mi 08 Nov 2017 23:13:07 CET): > hi! > > I am trying to restrict Authenticated users from sending from a domain name > other than those designated as local domains. >
… isn't that the question we had yesterday in #exim?
> in acl_smtp_rcpt
>
> I have the following code:
>
> deny log_message = Sender trying to send from an unapproved domain name.
> authenticated = *
> sender_domains = !+local_domains
> message = You must send from an approved domain name.
>
> Where local_domains is defined by
>
> domainlist local_domains = mysql;MYSQL_Q_LDOMAIN
>
> and
>
> MYSQL_Q_LDOMAIN=SELECT SQL_CACHE DISTINCT domaintable.domain FROM domaintable
> LEFT JOIN accounts ON domaintable.domain = accounts.domain WHERE
> domaintable.domain='$domain' and accounts.active = ‘1'
>
> Could someone please point out where I am going wrong as this is rejecting
> all domains?
Assume a local domain as 'example.local' and the remote domain as
'example.remote'. Now your use is sending a message
[email protected] ⇒ [email protected]
The +local_domains list would be empty now, as the resulting SQL query
is about "SELECT … WHERE domaintable.domain='example.remote'…". You're
using $domain in your query, which is perfectly right for inbound
messages, to check if they're for your system. But for outbound messages
you need to use $sender_address_domain there.
And, to re-iterate me from #exim: Do not forget to have a final 'accept'
in your acl_check_rcpt, as there is an invisible implicit deny at the
very and, which applies, except you do an accept explicitly.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
signature.asc
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
