[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 517
  • Last Modified:

Exim deny relay how di O di this?

A problem that I am having is  it seems like we are getting tons of main going through the server that we dont want going through.
It may be that exim is relaying  mail that it shouldn't. How do I lock it down to not relay mail unless it on my IP?
  • 3
1 Solution
You might consider some of the following :-

# The first setting specifies your local domains, for example:
#   domainlist local_domains = my.first.domain : my.second.domain
# You can use "@" to mean "the name of the local host", as in the default
# setting above. This is the name that is specified by primary_hostname,
# as specified above (or defaulted). If you do not want to do any local
# deliveries, remove the "@" from the setting above. If you want to accept mail
# addressed to your host's literal IP address, for example, mail addressed to
# "user@[]", you can add "@[]" as an item in the local domains
# list. You also need to uncomment "allow_domain_literals" below. This is not
# recommended for today's Internet.

# The second setting specifies domains for which your host is an incoming relay.
# If you are not doing any relaying, you should leave the list empty. However,
# if your host is an MX backup or gateway of some kind for some domains, you
# must set relay_to_domains to match those domains. For example:
# domainlist relay_to_domains = *.myco.com : my.friend.org
# This will allow any host to relay through your host to those domains.
# See the section of the manual entitled "Control of relaying" for more
# information.

# The third setting specifies hosts that can use your host as an outgoing relay
# to any other host on the Internet. Such a setting commonly refers to a
# complete local network as well as the localhost. For example:
# hostlist relay_from_hosts = :
# The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you
# have to include if you want to allow processes on your host to send
# SMTP mail by using the loopback address. A number of MUAs use this method of
# sending mail.

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

Then in the ACL's


  # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
  # testing for an empty sending host field.

  accept  hosts = :

  accept  hosts         = +relay_from_hosts

  accept  domains       = +local_domains
          verify        = recipient

  # Accept if the address is in a domain for which we are an incoming relay,
  # but again, only if the recipient can be verified.

  accept  domains       = +relay_to_domains
          verify        = recipient

  # Reaching the end of the ACL causes a "deny", but we might as well give
  # an explicit message.

  deny    message       = relay not permitted

In short, mostly the default configuration file. You may have to take out the control=submission if you are not using exim 4.60

I would also consider going to www.exim.org and searching the archives for information about relaying, also look at the spec.txt file that came with your exim (or again look on the website). Exim is well documented.

jbrashear72Author Commented:

Not sure that I understand...
accept  hosts         = +relay_from_hosts
does relay_from_hosts =  a file? /ike /etc/relay_from_hosts

I just want it recieve mail and allow users to pop in.

If you look in the example above :-
# hostlist relay_from_hosts = :

relay_from_hosts is an exim hostlist which defines a list of IP's or host names. This can then be referenced as +relay_from_hosts


Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now