Not registered ? Sign Up!
IceWalkers.com - Linux Software downloads and news
Name : Password :
Forgot your password?
Linux SoftwareLinux RPMLinux HowtosLink UsAboutAdvertise
What's new? | Linux Software | Linux RPM Database | Linux Howtos | Add Software |
Free eBook: The 7 Things that IT Security Professionals MUST KNOW!

HOWTOs

Search Howtos :Match :
Howtos Index
Spam Filtering for Mail Exchangers:
PrevAppendix A. Exim ImplementationNext

A.2. The Exim Configuration File

The Exim configuration file contains global definitions at the top (we will call this the main section), followed by several other sections[1]. Each of these other sections starts with: 
begin section

We will spend most of our time in the acl section (i.e. after begin acl); but we will also add and/or modify a few items in the transports and routers sections, as well as in the main section at the top of the file.

A.2.1. Access Control Lists

As of version 4.xx, Exim incorporates perhaps the most sophisticated and flexible mechanism for SMTP-time filtering available anywhere, by way of so-called Access Control Lists (ACLs).

An ACL can be used to evaluate whether to accept or reject an aspect of an incoming message transaction, such as the initial connection from a remote host, or the HELO/EHLO, MAIL FROM:, or RCPT TO: SMTP commands. So, for instance, you may have an ACL named acl_rcpt_to to validate each RCPT TO: command received from the peer.

An ACL consists of a series of statements (or rules). Each statement starts with an action verb, such as accept, warn, require, defer, or deny, followed by a list of conditions, options, and other settings pertaining to that statement. Every statement is evaluated in order, until a definitive action (besides warn) is taken. There is an implicit deny at the end of the ACL.

A sample statement in the acl_rcpt_to ACL above may look like this: 

  deny
    message  = relay not permitted
    !hosts   = +relay_from_hosts
    !domains = +local_domains : +relay_to_domains
    delay    = 1m

This statement will reject the RCPT TO: command if it was not delivered by a host in the "+relay_from_hosts" host list, and the recipient domain is not in the "+local_domains" or "+relay_to_domains" domain lists. However, before issuing the "550" SMTP response to this command, the server will wait for one minute.

To evaluate a particular ACL at a given stage of the message transaction, you need to point one of Exim's policy controls to that ACL. For instance, to use the acl_rcpt_to ACL mentioned above to evaluate the RCPT TO:, the main section of your Exim configuration file (before any begin keywords) should include: 
acl_smtp_rcpt = acl_rcpt_to

For a full list of such policy controls, refer to section 14.11 in the Exim specifications.

A.2.2. Expansions

A large number of expansion items are available, including run-time variables, lookup functions, string/regex manipulations, host/domain lists, etc. etc. An exhaustive reference for the last x.x0 release (i.e. 4.20, 4.30..) can be found in the file "spec.txt"; ACLs are described in section 38.

In particular, Exim provides twenty general purpose expansion variables to which we can assign values in an ACL statement:

  • $acl_c0 - $acl_c9 can hold values that will persist through the lifetime of an SMTP connection.

  • $acl_m0 - $acl_m9 can hold values while a message is being received, but are then reset. They are also reset by the HELO, EHLO, MAIL, and RSET commands.

Notes

[1]

Debian users: The exim4-config package gives you a choice between splitting the Exim configuration into several small chunks distributed within subdirectories below /etc/exim4/conf.d, or to keep the entire configuration in a single file.

If you chose the former option (I recommend this!), you can keep your customization well separated from the stock configuration provided with the exim4-config package by creating new files within these subdirectories, rather than modifying the existing ones. For instance, you may create a file named /etc/exim4/conf.d/acl/80_local-config_rcpt_to to declare your own ACL for the RCPT TO: command (see below).

The Exim "init" script (/etc/init.d/exim4) will automatically consolidate all these files into a single large run-time configuration file next time you (re)start.

PrevHomeNext
PrerequisitesUpOptions and Settings
Search Howtos :Match :
Howtos Index
VLC media player 0.9.7
Cross-platform media player and streaming server
Ruby 1.9.1 p2
Interpreted scripting language
NASM 2.06rc1
NASM is an 80x86 assembler designed for portability
Veejay 1.4.3
A Visual 'music' instrument and video tracking tool.
Evolution 2.25.2
GNOME mailer, calendar, contact manager and communications tool
Sylpheed 2.6.0rc
Mail User Agent based on GTK+
Nautilus 2.25.1
The Nautilus Environment -- Delivering a Richer User Experience
GtkHTML 3.25.2
HTML rendering/editing library
Pybliographer 1.2.12
Tool for managing bibliographic databases
GFTP 2.0.19
Free multithreaded ftp client
Free IT Magazines, White Papers, eBooks, and more !
Oracle Magazine

Contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more.
eWeek

The essential technology information source for builders of e-business.
BusinessWeek (Digital Edition)

Provides readers a deeper understanding of the trends that drive growth, and what best practices keep them ahead of the competition.

Linux Software Map
Find Linux RPM
Best Rated Linux Software
Most Rated Linux Software
Linux Distributions
Linux Howtos
Quick Survey

Please take our survey and help us improve our website to serve you better.

Thank you.
Linux Software
Linux / IT Resources
Site Resources
Google
Privacy Policy
Contact Us
Submit Software
Advertising info