EXIM sender whitelist

[walo]

Hello,

I am looking for a way to make a sender whitelist.
Like:
A file with a list of email addresses which are allowed to send email. Email defined in the "From" header.

Or a file with a list of domains which are allowed to send emails, like /etc/virtual/domains

Any other email or domain in the "From" header will be blocked to send emails.

With this I want to block outgoing spam.

Is this possible?

 

[nobaloney]

Anything is possible; as I've written previously Even striking a match on a wet cake of soap.

In fact such whitelists exist. Here's an extract from the new SpamBlocker 3.2-RC:

  # sender domains whitelist
  # accept if sender domain is in whitelist
  accept  sender_domains = +whitelist_domains
         logwrite = $sender_host address whitelisted in local whitelist

  # sender hosts whitelist
  # accept if sender host is in whitelist
  accept  hosts = +whitelist_hosts
  accept  hosts = +whitelist_hosts_ip
         logwrite = $sender_host address whitelisted in local whitelist

  # envelope senders whitelist
  # accept if envelope sender is in whitelist
  accept  senders = +whitelist_senders
          logwrite = $sender_host_address whitelisted in local whitelist

However using these are dangerous, because anyone in the world can spoof those addresses and send email.

I think what you're really looking for is a blocking ACL to block all emails not in a certain list.

I strongly suggest you wait until Version 3.2 is out and on your server(s) before you make this kind of change; you could spend a lot of time and money working on something that will soon be obsolete.

Jeff

 

[walo]

Hello Jeff, and thank you.
With this feature any domain not in white_list will be rejected?

However using these are dangerous, because anyone in the world can spoof those addresses and send email.

What is this mean? Anybody can send emails with my server without autentication?

 

[nobaloney]

If you just use the whitelist, and whitelist an address, then yes, it can use your server to send email without authentication.

Personally I don't recommend whitelisting domains and possibly not even senders, but the code stays because some people think they need it.

The documentation for my newest SpamBlocker3 exim.conf file will be available on final release and will be very thorough.

Jeff

 

[walo]

If you just use the whitelist, and whitelist an address, then yes, it can use your server to send email without authentication.

And there is no way to require authentication?

Anything is possible

 

[nobaloney]

Yes, just remove from the whitelist. Authenticated email is all sent without being whitelisting, so you don't need to put the sender in a whitelist.

As I understand it you only want some of the authenticated senders to be able to relay email off the server. The problem is in that authentication is set automatically for everyone who receives email. You'd have to rewrite exim.conf to only allow certain authenticated senders to relay email off the server.

Jeff

 

[ckeilah]

I can't seem to stop the spam from jerks using MY OWN email address as their From: address. It seems that there should be some way to tell exim to ONLY accept incoming email listed as From: x@mylocaldomains FROM my local network. i.e. refuse to accept email listed as From: [email protected] if it's coming from outside. Any ideas? Thanks!

 

[nobaloney]

You can; search these forums. I've discussed this in a response within the last two days or so. However note that there are important reasons to not do this; I've written them in the other thread.

Jeff