Mike Shulman edited this page Aug 7, 2014 · 3 revisions
Clone this wiki locally



What should I put in my acl_smtp_rcpt?


Often, people want to arrange their RCPT ACL something like this:

  • Accept anything locally generated:

    accept hosts = :
  • Accept anything from authenticated users:

    accept authenticated = *
  • Accept anything from the local network:

    accept hosts = +local_network
    • here you have to decide what "local_network" means - for example, you might want to define it as
  • Reject non-local domains:

    deny domains = !+local_domains
         message = Relaying denied
    • this is what stops your Exim from being an open relay. Again, you have to decide what local_domains means.
  • Reject invalid recipients:

    require verify = recipient
    • this causes Exim to check that the recipient is routeable. For example, bob@your.example.com might exist, but lktjnho@your.example.com might not. Using verify = recipient, in conjunction with the right router configuration, causes Exim to reject the bad addresses at RCPT time.
  • If you want to add extra checks (such as consulting DNS blacklists, or rejecting "bounce" messages with large numbers of recipients), this would be a good place to do add them.

  • Accept the rest:


But as long as you don't configure Exim to be an open relay, the details are entirely up to you.

For more information, see the Exim Specification: