reject relaying attempts first?
Robert Millan
rmh at aybabtu.com
Wed Jul 26 18:44:06 UTC 2006
What would you think of rejecting relaying attempts as soon as we know we're
not dealing with a host that is authorised to relay? I.e., right after the
MUA authentication checks.
Index: 30_exim4-config_check_rcpt
===================================================================
--- 30_exim4-config_check_rcpt (revision 1523)
+++ 30_exim4-config_check_rcpt (working copy)
@@ -148,6 +148,11 @@
authenticated = *
control = submission/sender_retain
+ # We are not going to relay for this message, so if it's a relaying attempt,
+ # it can be rejected right now, before the more expensive checks take place.
+ deny
+ !domains = +local_domains : +relay_to_domains
+ message = relay not permitted
# deny bad senders (envelope sender)
# CONFDIR/local_sender_blacklist holds a list of envelope senders that
--
Robert Millan
My spam trap is honeypot at aybabtu.com. Note: this address is only intended for
spam harvesters. Writing to it will get you added to my black list.
More information about the Pkg-exim4-maintainers
mailing list