Q0743

Mike Shulman edited this page Aug 7, 2014 · 3 revisions
Clone this wiki locally

Q0743

Question

What should I put in my acl_smtp_rcpt?

Answer

Often, people want to arrange their RCPT ACL something like this:

  • Accept anything locally generated:

    accept hosts = :
    
  • Accept anything from authenticated users:

    accept authenticated = *
    
  • Accept anything from the local network:

    accept hosts = +local_network
    
    • here you have to decide what "local_network" means - for example, you might want to define it as 192.168.0.0/16
  • Reject non-local domains:

    deny domains = !+local_domains
         message = Relaying denied
    
    • this is what stops your Exim from being an open relay. Again, you have to decide what local_domains means.
  • Reject invalid recipients:

    require verify = recipient
    
    • this causes Exim to check that the recipient is routeable. For example, bob@your.example.com might exist, but lktjnho@your.example.com might not. Using verify = recipient, in conjunction with the right router configuration, causes Exim to reject the bad addresses at RCPT time.
  • If you want to add extra checks (such as consulting DNS blacklists, or rejecting "bounce" messages with large numbers of recipients), this would be a good place to do add them.

  • Accept the rest:

    accept
    

But as long as you don't configure Exim to be an open relay, the details are entirely up to you.

For more information, see the Exim Specification: