The Exim configuration file contains global definitions at the
top (we will call this the main section),
followed by several other sections. Each of these other sections starts with:
A.2.1. Access Control Lists
As of version 4.xx, Exim incorporates perhaps the most
sophisticated and flexible mechanism for SMTP-time filtering
available anywhere, by way of so-called Access
Control Lists (ACLs).
An ACL can be used to evaluate whether to accept or reject an
aspect of an incoming message transaction, such as the initial
connection from a remote host, or the
HELO/EHLO, MAIL FROM:,
or RCPT TO: SMTP commands. So, for
instance, you may have an ACL named
acl_rcpt_to to validate each RCPT
TO: command received from the peer.
An ACL consists of a series of statements
(or rules). Each statement starts with
an action verb, such as accept,
warn, require,
defer, or deny, followed by
a list of conditions, options, and other settings pertaining
to that statement. Every statement is
evaluated in order, until a definitive action (besides
warn) is taken. There is an implicit
deny at the end of the ACL.
A sample statement in the acl_rcpt_to ACL
above may look like this:
    deny
      message  = relay not permitted
      !hosts   = +relay_from_hosts
      !domains = +local_domains : +relay_to_domains
      delay    = 1m
This statement will reject the RCPT TO:
command if it was not delivered by a host in the
"+relay_from_hosts" host list, and the recipient
domain is not in the "+local_domains" or
"+relay_to_domains" domain lists. However, before
issuing the "550" SMTP response to this command,
the server will wait for one minute.
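The evaluation order described above can be modeled in a few lines of Python. This is an added example, not Exim source or part of the original text; the list contents, the warn and accept statements, and the exact-match list lookup are assumptions made for illustration.

```python
# Added illustration: a simplified model of Exim ACL evaluation, not Exim code.
# Assumption: list membership is an exact string match; real Exim host and
# domain lists also support patterns, lookups and netmasks.

def in_lists(value, names, lists):
    """True if value is in any named list, e.g. '+local_domains : +relay_to_domains'."""
    return any(value in lists[n.strip().lstrip("+")] for n in names.split(":"))

def conditions_hold(stmt, host, domain, lists):
    """Every condition must be true; a leading '!' negates that condition."""
    for key, names in stmt["conditions"]:
        subject = host if key.lstrip("!") == "hosts" else domain
        if in_lists(subject, names, lists) == key.startswith("!"):
            return False
    return True

def evaluate(acl, host, domain, lists):
    """Return (verdict, message, warnings) for one RCPT TO: command."""
    warnings = []
    for stmt in acl:
        ok = conditions_hold(stmt, host, domain, lists)
        verb, msg = stmt["verb"], stmt.get("message", "")
        if verb == "warn":            # never definitive: note it and continue
            if ok:
                warnings.append(msg)
        elif verb == "require":       # denies only when a condition fails
            if not ok:
                return "deny", msg, warnings
        elif ok:                      # accept / deny / defer end the evaluation
            return verb, msg, warnings
    return "deny", "", warnings       # implicit deny at the end of the ACL

# Constructed sample data; only the first statement comes from the page.
LISTS = {
    "relay_from_hosts": {"192.0.2.10"},
    "local_domains": {"example.org"},
    "relay_to_domains": {"backup.example.net"},
}
ACL_RCPT_TO = [
    {"verb": "deny", "message": "relay not permitted",
     "conditions": [("!hosts", "+relay_from_hosts"),
                    ("!domains", "+local_domains : +relay_to_domains")]},
    {"verb": "warn", "message": "relayed for secondary MX",
     "conditions": [("domains", "+relay_to_domains")]},
    {"verb": "accept", "conditions": [("domains", "+local_domains")]},
    {"verb": "accept", "conditions": [("hosts", "+relay_from_hosts")]},
]
```

In this constructed ACL, an outside host sending to a domain in relay_to_domains gets past the relay check but matches neither accept statement, so it falls through to the implicit deny. A statement that does not match never accepts on its own.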
To evaluate a particular ACL at a given stage of the message
transaction, you need to point one of Exim's policy
controls to that ACL. For instance, to use the
acl_rcpt_to ACL mentioned above to evaluate the
RCPT TO:, the main section of your Exim
configuration file (before any begin keywords)
should include:
    acl_smtp_rcpt = acl_rcpt_to
For a full list of such policy controls,
refer to section 14.11 in the Exim specifications.
A.2.2. Expansions
A large number of expansion items are
available, including run-time variables, lookup functions,
string/regex manipulations, host/domain lists, and so on. An
exhaustive reference for the last x.x0 release (i.e. 4.20,
4.30, ...) can be found in the file "spec.txt"; ACLs
are described in section 38.
In particular, Exim provides twenty general purpose expansion
variables to which we can assign values in an ACL statement:
$acl_c0 - $acl_c9 can
hold values that will persist through the lifetime of an
SMTP connection.
$acl_m0 - $acl_m9 can
hold values while a message is being received, but are
then reset. They are also reset by the
HELO, EHLO,
MAIL, and RSET
commands.