1
1
Access Control in the default configuration
2
2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3
The Debian exim 4 package comes with a default configuration that
4
The Debian exim 4 packages come with a default configuration that
4
5
allows flexible access control and blacklisting of sites and hosts.
5
The acls involved can be found in /etc/exim4/conf.d/acl with the file
6
names 20_exim4-config_whitelist_local_deny and 30_exim4-config_check_rcpt,
7
thus all rejections of messages due to this mechanism happen at RCPT
8
time. Local configuration of the mechanisms happen through data files
9
in /etc/exim4, so there is normally no need to change the files in the
6
The acls involved can be found in /etc/exim4/conf.d/acl, or in
7
/etc/exim4/exim4.conf.template, depending on which configuration
8
scheme you use. Most rejections of messages due to this mechanism
9
happen at RCPT time. Local configuration of the mechanisms happens
10
through data files in /etc/exim4 or via exim macros that you can set
11
in /etc/exim4/conf.d/main, so there is normally no need to change the
12
files in the acl subdirectory in a split-config setup. If you use
13
the non-split config, you need to edit /etc/exim4/exim4.conf.template,
14
which, as a big dpkg-conffile, won't give you any advantage of the
12
17
/etc/exim4/local_sender_blacklist contains a list of envelope senders
13
18
whose messages will be denied with the error message "locally
39
44
whitelist read in from /etc/exim4/local_host_whitelist, and whitelist
40
45
entries override blacklistings.
42
The example access list shipped in
43
/usr/share/doc/exim4-config/examples/acl/30_exim4-config_example_check_rcpt
44
includes a bunch of dnslists configured to warn and/or deny incoming
45
messages. Some of these lists have a corresponding whitelist, read
46
in from /etc/exim4/local_$DNSLISTNAME_whitelist which allows the local
47
administrator to override dnslist entries for domains or IP addresses
48
that should be able to send mail despite the dnslist entry.
47
The access list file also contains quite a few configuration options
48
that are too restrictive for a real-life site. These are masked by
49
.ifdef statements, can be activated by setting the appropriate macros,
50
and are documented in the ACL file itself.