2 ### acl/30_exim4-config_check_rcpt
3 #################################
5 # This access control list is used for every RCPT command in an incoming
6 # SMTP message. The tests are run in order until the address is either
11 # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
12 # testing for an empty sending host field.
17 # The following section of the ACL is concerned with local parts that contain
18 # certain non-alphanumeric characters. Dots in unusual places are
19 # handled by this ACL as well.
21 # Non-alphanumeric characters other than dots are rarely found in genuine
22 # local parts, but are often tried by people looking to circumvent
23 # relaying restrictions. Therefore, although they are valid in local
24 # parts, these rules disallow certain non-alphanumeric characters, as
27 # Empty components (two dots in a row) are not valid in RFC 2822, but Exim
28 # allows them because they have been encountered. (Consider local parts
29 # constructed as "firstinitial.secondinitial.familyname" when applied to
30 # a name without a second initial.) However, a local part starting
31 # with a dot or containing /../ can cause trouble if it is used as part of a
32 # file name (e.g. for a mailing list). This is also true for local parts that
33 # contain slashes. A pipe symbol can also be troublesome if the local part is
34 # incorporated unthinkingly into a shell command line.
36 # These ACL components will block recipient addresses that are valid
37 # from an RFC 2822 point of view. We chose to have them blocked by
38 # default for security reasons (file-name and shell-injection hazards described above).
40 # Two different rules are used. The first one has a quite strict
41 # default, and is applied to messages that are addressed to one of the
42 # local domains handled by this host.
45 domains = +local_domains
46 # This blocks local parts that begin with a dot or contain a quite
47 # broad range of non-alphanumeric characters.
48 local_parts = ^[.] : ^.*[@%!/|`#&?]
49 message = restricted characters in address
52 # The second rule applies to all other domains, and its default is
53 # considerably less strict.
55 # It allows local users to send outgoing messages to sites
56 # that use slashes and vertical bars in their local parts. It blocks
57 # local parts that begin with a dot, slash, or vertical bar, but allows
58 # these characters within the local part. However, the sequence /../ is
59 # barred (written as /\\.\\./ below: the list is string-expanded before the regexp is compiled, so each backslash has to be doubled). The use of some other non-alphanumeric characters is blocked.
60 # Single quotes could be dangerous as well (if a local part is ever interpolated into a shell command), but they are
61 # allowed by the default regexps to avoid rejecting mail to addresses containing apostrophes, e.g. Irish surnames such as o'brien.
62 # The motivation here is to prevent local users (or local users' malware)
63 # from mounting certain kinds of attack on remote sites.
65 domains = !+local_domains
66 local_parts = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
67 message = restricted characters in address
70 # Accept mail to postmaster in any local or relay domain (see the domains list below), regardless of the source,
71 # and without verifying the sender. Because this accept comes before the sender-verification deny that follows, postmaster@ is reachable by senders that would otherwise be rejected; RFC 5321 requires this, so expect spam and backscatter at that address.
74 local_parts = postmaster
75 domains = +local_domains : +relay_to_domains
78 # Deny unless the sender address can be verified.
80 # This also performs "callout" verification, i.e. Exim opens an SMTP session to the sender's
81 # mail server and checks whether it accepts RCPT TO the sender address. This is quite
82 # expensive (an outbound connection per unverified sender) and only as good as the remote site: a catch-all server passes every address, some sites refuse or throttle callouts, and a temporary failure there makes this statement defer (4xx) rather than reject unless defer_ok is added. It may still save a bunch of spam checks; results are cached, see the Exim callout documentation for cache and timeout tuning.
84 message = Sender verification failed
85 !verify = sender/callout
88 # Accept if the message arrived over an authenticated connection, from
89 # any host. These messages are usually from MUAs, so recipient
90 # verification is omitted, and submission mode is set. We do this
91 # check before any black list tests. Note that it also comes before the relay-domain check below, so any authenticated client may relay to any domain: a leaked or brute-forced password turns this host into an open relay for that account, which makes rate limiting and monitoring of authenticated submissions worthwhile.
94 control = submission/sender_retain
96 # Accept if the message comes from one of the hosts for which we are an
97 # outgoing relay. If these hosts are only dumb forwarders (nullmailers), not
98 # real MTAs, control=submission makes Exim treat the message as a
99 # submission and fix up various errors in it, for example the
100 # lack of a Date: header line. That control is commented out below; enable it only if every host in relay_from_hosts really is a submission client, since messages relayed by a real MTA should not be rewritten. Either way, these hosts are accepted before the relay-domain and recipient-verification checks further down.
102 hosts = +relay_from_hosts
103 #control = submission/sender_retain
105 # Insist that any other recipient address that we accept is either in one of
106 # our local domains, or is in a domain for which we explicitly allow
107 # relaying. Any other domain is rejected as being unacceptable for relaying.
109 message = relay not permitted
110 domains = +local_domains : +relay_to_domains
113 # Any address that reaches this point (i.e. one not already accepted by the postmaster, authenticated-client or relay_from_hosts statements above) must also be verifiable. This check will
114 # do local part verification for local domains, but only check the domain
115 # for remote domains.
120 # Warn if the sender host does not have valid reverse DNS.
122 # If your system can do DNS lookups without delay or cost, you might want
124 # If sender_host_address is defined, it's a remote call. If
125 # sender_host_name is not defined, then the reverse lookup failed. A condition on those two variables is preferable to !verify = reverse_host_lookup because it also catches deferrals (DNS timeouts), not just outright failures.
126 # NOTE(review): the statement below currently uses verify = reverse_host_lookup (unnegated), which is true when the lookup succeeds; under a warn verb that would attach the "Reverse DNS lookup failed" header to hosts whose reverse DNS works. Confirm the verb and any condition on the line preceding "message", and on Exim versions that support it prefer add_header over message for adding headers.
127 # The header text itself reports failed vs. deferred from $host_lookup_failed.
129 message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
130 verify = reverse_host_lookup
132 # At this point, the address has passed all the checks that have been
133 # configured, so we accept it unconditionally.
137 # vim: set sts=2 expandtab sw=2 ai: