(EXIM) ACL for only allowing internal domain to send to internal group alias

Tags: access-control-list, alias, exim

I'm trying to create an ACL rule that will only allow internal users/whitelisted users to send to particular group aliases such as all@ or office2@.

I know I need something similar to:

deny       log_message =  $sender_address is not permitted to send to myprotecteddomain.com my2protecteddomain.com
           domains     = myprotecteddomain.com : my2protecteddomain.com
           ! senders   = *myowndomain.com

But possibly using an external file with whitelisted addresses in it; I'm not that good at Exim ACLs!

Best Answer

If you need this only for local users then I think you should not use sender, because it can be falsified without any trouble; instead you should configure SMTP auth (the begin authenticators section) and then you can use something like this:

deny  recipients   = lsearch*@;/etc/exim/protected-recipients
      !authenticated = *
      message      = Sending denied - protected list - not authenticated - returned to sender
      log_message  = PROTECTED - sending denied - not authenticated - logged to file

deny  recipients   = lsearch*@;/etc/exim/protected-recipients
      condition    = ${lookup{$authenticated_id}lsearch{/etc/exim/allowed-users}{no}{yes}}
      message      = Sending denied - protected list - no access - returned to sender
      log_message  = PROTECTED - sending denied - no access - logged to file

For recipients I use lsearch*@; so you can use both full email addresses and wildcarded ones like this:

protected-user@general.domain
*@protected-domain

For authenticated users you just need to list their names line by line (note the yes and no order in the lookup).

If you need remote users too, then you can add:

accept  recipients     = lsearch*@;/etc/exim/protected-recipients
        !sender_domains = +local_domains
        condition      = ${lookup{$sender_address}lsearch{/etc/exim/allowed-users}{yes}{no}}

before the first deny, and list addresses one per line.
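To see how the posted statements resolve for a given RCPT, here is an added Python model (example code written for this page, not part of the answer and not Exim's own code) of the lsearch*@ lookup and of the three statements in the order the answer recommends, with the remote accept placed before the two denies. The file contents, login names and addresses are constructed for the example, and the case folding is a simplification of Exim's address-list matching. It also makes the caveat at the top of the answer concrete: the remote accept keys on the envelope sender, which any client can supply, so a listed remote address is accepted from an unauthenticated session.

```python
import re

# Constructed stand-in for /etc/exim/protected-recipients, in the format the answer shows
PROTECTED_RECIPIENTS = """\
protected-user@general.domain
*@protected-domain
"""

# Constructed stand-in for /etc/exim/allowed-users: login names for authenticated
# users plus envelope addresses for remote senders, one per line
ALLOWED_USERS = """\
alice
bob
partner@remote.example
"""


def parse_lsearch(text):
    """Collect the keys of an lsearch file: the first token of each line, which
    ends at a colon or white space. Blank and '#' lines are skipped."""
    keys = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        keys.add(re.split(r"[:\s]", line, maxsplit=1)[0].lower())
    return keys


def lsearch_star_at(keys, address):
    """Emulate lsearch*@: try the full address, then '*@domain', then '*'.
    Returns the key that matched, or None. Lower-casing mirrors Exim's
    case-insensitive address-list matching (a simplification here)."""
    address = address.lower()
    candidates = [address]
    if "@" in address:
        candidates.append("*@" + address.rsplit("@", 1)[1])
    candidates.append("*")
    for key in candidates:
        if key in keys:
            return key
    return None


def check_rcpt(recipient, authenticated_id=None, sender_address="", sender_is_local=True):
    """Walk the answer's three statements in order. A statement whose conditions
    are not all true falls through to the next one, as in a real ACL.
    authenticated_id models $authenticated_id (None when the session did not
    authenticate); sender_address models the envelope sender $sender_address."""
    protected = parse_lsearch(PROTECTED_RECIPIENTS)
    allowed = parse_lsearch(ALLOWED_USERS)

    # All three statements start with: recipients = lsearch*@;/etc/exim/protected-recipients
    if lsearch_star_at(protected, recipient) is None:
        return "fall through"  # not a protected alias; later ACL statements decide

    # accept ... !sender_domains = +local_domains
    #            condition = ${lookup{$sender_address}lsearch{allowed-users}{yes}{no}}
    if not sender_is_local and sender_address.lower() in allowed:
        return "accept: remote sender on allow list"

    # deny ... !authenticated = *
    if authenticated_id is None:
        return "deny: not authenticated"

    # deny ... condition = ${lookup{$authenticated_id}lsearch{allowed-users}{no}{yes}}
    if authenticated_id.lower() not in allowed:
        return "deny: no access"

    return "fall through"  # authenticated and listed: later ACL statements decide


if __name__ == "__main__":
    print(check_rcpt("all@protected-domain"))
    print(check_rcpt("all@protected-domain", authenticated_id="alice"))
    print(check_rcpt("all@protected-domain", sender_address="partner@remote.example",
                     sender_is_local=False))
```

Running the block prints the verdict for an unauthenticated local session, for a user on the list, and for a remote session whose (unverified) envelope sender is on the list.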