On 2024-03-26, TomNewChao via Exim-users <[email protected]> wrote:
> Thanks for your apply.
> I have read your information about
> `https://github.com/Exim/exim/wiki/BlockCracking`. The main purpose is to
> modify the configuration to prevent user attacks through frequency limiting.
> However, it doesn't meet my needs. I wonder if we can add an IP whitelist to
> allow emails sent by specified users through login. For accepting emails from
> other MTAs, just release them directly.
> The config As follows in acl_check_rcpt:
> `
> accept
> authenticated = *
> control = submission/sender_retain
> control = dkim_disable_verify
> condition = ${if match_ip{$sender_host_address}{172.20.0.0/16 :
> 127.0.0.1 : ::::1 : 192.168.1.0/24}}
> deny
> message = Your IP address $sender_host_address is not allowed to send
> mail.
> `
>
>
> But it will block all mailboxes, including those sent by logging in with
> username and password and mails received from other MTAs. I just want to
> block mails sent by logging in with username and password, not mails
> forwarded by other MTAs. Is there a better approach here?
Before the deny (or even before the first accept)
there should be another accept for those other messages,
accept
domains= +local_domains
verify = recipient
or something like that.
>
--
Jasen.
🇺🇦 Слава Україні
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
