(EXIM)ACL只允许内部域发送到内部组别名

我试图创build一个ACL规则,只允许内部用户/白名单用户发送到特定的组别别名,如all @或office2 @

我知道我需要类似的东西:

deny log_message = $sender_address is not permitted to send to myprotecteddomain.com my2protecteddomain.com domains = myprotecteddomain.com : my2protecteddomain.com ! senders = *myowndomain.com 

但是可能使用一个带有白名单地址的外部文件,我对Exim ACL并不擅长!

如果你只需要本地用户,那么我认为你不应该使用sender因为它可以被篡改,而不会有任何麻烦 – 相反,你应该configurationSMTP authentication ( begin authenticators部分),接下来你可以使用这样的东西:

 deny recipients = lsearch*@;/etc/exim/protected-recipients !authenticated = * message = Sending denied - protected list - not authenticated - returned to sender log_message = PROTECTED - sending denied not - authenticated - - logged to file deny recipients = lsearch*@;/etc/exim/protected-recipients condition = ${lookup{$authenticated_id}lsearch{/etc/exim/allowed-users}{no}{yes}} message = Sending denied - protected list - no access - returned to sender log_message = PROTECTED - sending denied - no access - logged to file 

对于recipients我使用lsearch*@; 所以你可以使用这两个完整的电子邮件地址和wilcarded像这样:

 [email protected] *@protected-domain 

对于通过身份validation的用户,您只需逐行列出它的名字(注意yesno查找顺序)。

如果您也需要远程用户,那么您可以添加:

 accept recipients = lsearch*@;/etc/exim/protected-recipients !sender_domains = +local_domains condition = ${lookup{$sender_address}lsearch{/etc/exim/allowed-users}{yes}{no}} 

首先拒绝并列出每行一个地址。