Exim 4.40 Specification

38. Access control lists

Access Control Lists (ACLs) are defined in a separate section of the run time configuration file, headed by “begin acl”. Each ACL definition starts with a name, terminated by a colon. Here is a complete ACL section which contains just one very small ACL:

  begin acl
  
  small_acl:
    accept   hosts = one.host.only

You can have as many lists as you like in the ACL section, and the order in which they appear does not matter. The lists are self-terminating.

The majority of ACLs are used to control Exim's behaviour when it receives certain SMTP commands. This applies both to incoming TCP/IP connections, and when a local process submits a message over a pipe (using the -bs option). The most common use is for controlling which recipients are accepted in incoming messages. In addition, you can also define an ACL that is used to check local non-SMTP messages. The default configuration file contains an example of a realistic ACL for checking RCPT commands. This is discussed in chapter 7.

38.1. Testing ACLs

The -bh command line option provides a way of testing your ACL configuration locally by running a fake SMTP session with which you interact. The host relay-test.mail-abuse.org provides a service for checking your relaying configuration (see section 38.27 for more details).

38.2. Specifying when ACLs are used

In order to cause an ACL to be used, you have to name it in one of the relevant options in the main part of the configuration. These options are:

  acl_not_smtp        ACL for non-SMTP messages
  acl_smtp_auth       ACL for AUTH
  acl_smtp_connect    ACL for start of SMTP connection
  acl_smtp_data       ACL after DATA
  acl_smtp_etrn       ACL for ETRN
  acl_smtp_expn       ACL for EXPN
  acl_smtp_helo       ACL for HELO or EHLO
  acl_smtp_mail       ACL for MAIL
  acl_smtp_mailauth   ACL for the AUTH parameter of MAIL
  acl_smtp_rcpt       ACL for RCPT
  acl_smtp_starttls   ACL for STARTTLS
  acl_smtp_vrfy       ACL for VRFY

For example, if you set

  acl_smtp_rcpt = small_acl

the little ACL defined above is used whenever Exim receives a RCPT command in an SMTP dialogue. The majority of policy tests on incoming messages can be done when RCPT commands arrive. A rejection of RCPT should cause the sending MTA to give up on the recipient address contained in the
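The following Python sketch is an added example, not part of the Exim specification or distribution: it cross-checks the options listed in section 38.2 against the ACL names defined after “begin acl”, reporting options that name an ACL which is not defined and ACLs that none of these options names. It assumes one setting per line with the main part first, and treats only a bare word as an ACL name; audit_acls and SAMPLE_CONFIG are names made up for the example.

```python
import re

# The twelve main-section options listed in section 38.2.
ACL_OPTIONS = """acl_not_smtp acl_smtp_auth acl_smtp_connect acl_smtp_data
acl_smtp_etrn acl_smtp_expn acl_smtp_helo acl_smtp_mail acl_smtp_mailauth
acl_smtp_rcpt acl_smtp_starttls acl_smtp_vrfy""".split()

BEGIN = re.compile(r"begin\s+(\S+)")          # section header
OPTION = re.compile(r"(acl_\w+)\s*=\s*(.*)")  # main-section setting
LABEL = re.compile(r"(\w+):")                 # ACL name terminated by a colon

# Constructed sample configuration, not taken from a real site.
SAMPLE_CONFIG = """\
acl_smtp_rcpt = small_acl
acl_smtp_data = check_data
acl_smtp_helo = $acl_m0

begin acl

small_acl:
  accept   hosts = one.host.only
unused_acl:
  deny     hosts = *
"""

def audit_acls(config_text):
    """Cross-check acl_* options against the names defined after 'begin acl'."""
    section, used, skipped, defined = "main", {}, {}, set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := BEGIN.fullmatch(line):
            section = m.group(1)
        elif section == "main" and (m := OPTION.fullmatch(line)):
            opt, value = m.groups()
            if opt in ACL_OPTIONS:
                # Assumption: only a bare word is an ACL name; others go to skipped.
                (used if re.fullmatch(r"\w+", value) else skipped)[opt] = value
        elif section == "acl" and (m := LABEL.fullmatch(line)):
            defined.add(m.group(1))
    return {
        "undefined": {o: n for o, n in used.items() if n not in defined},
        "unreferenced": sorted(defined - set(used.values())),
        "unset": [o for o in ACL_OPTIONS if o not in used and o not in skipped],
        "skipped": skipped,
    }

if __name__ == "__main__":
    for key, value in audit_acls(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

On the sample, acl_smtp_data is reported because check_data has no definition in the ACL section, and unused_acl is reported because no option names it.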

Concepts




$1, $2, etc. see numerical variables
$bheader_
$header_
$host  [2]
$host_address  [2]
$rheader_
$value  [2]  [3]
*@ with single-key lookup  [2]
+caseful  [2]
+defer_unknown
+exclude_unknown
+ignore_unknown
+include_unknown  [2]
-be option  [2]
-bF option
-bf option
-bh option  [2]
-bi option
-bp option
-bt option
-bv option  [2]
-C option
-D option
-f option
-f option:for address testing
-f option:for filter testing
-f option:overriding “From” line
-M option  [2]
-os option
-q option  [2]
-R option
-t option
.ifdef
.include in configuration file
.include_if_exists in configuration file
/dev/null
/etc/aliases
/etc/mail/mailer.conf
/etc/userdbshadow.dat
8-bit characters  [2]  [3]
8BITMIME
@ in a domain list  [2]
@ in a host list
@@ with single-key lookup
@[] in a domain list
@[] in a host list
@mx_any
@mx_primary
@mx_secondary

A
abandoning mail  [2]
accept router
ACL:certificate verification
ACL:conditions, list of
ACL:conditions, processing
ACL:customized test
ACL:data for message ACL
ACL:data for non-message ACL
ACL:default configuration
ACL:description
ACL:for non-SMTP messages
ACL:format of
ACL:indirect
ACL:introduction
ACL:modifiers, list of
ACL:modifiers, processing
ACL:nested
ACL:on SMTP connection 
ACL:options for specifying
ACL:relay control
ACL:return codes
ACL:rewriting addresses in
ACL:setting up for SMTP commands
ACL:specifying which to use
ACL:testing a DNS list  [2]
ACL:testing a local part
ACL:testing a recipient
ACL:testing a recipient domain
ACL:testing a sender
ACL:testing a sender domain
ACL:testing for authentication
ACL:testing for encryption
ACL:testing the client host
ACL:unset options
ACL:variables
ACL:verbs, definition of
ACL:verifying header syntax
ACL:verifying HELO/EHLO
ACL:verifying host reverse lookup
ACL:verifying recipient
ACL:verifying sender
ACL:verifying sender in the header
adding drivers
additional groups  [2]
address list:@@ lookup type
address list:case forcing
address list:empty item
address list:in a rewriting pattern
address list:in expansion condition
address list:local part starting with !
address list:lookup for complete address
address list:patterns
address list:regular expression in
address list:split local part and domain
address redirection:broken files
address redirection:disabling rewriting
address redirection:domain, preserving
address redirection:errors
address redirection:included external list
address redirection:local part without domain
address redirection:non-filter list items
address redirection:one-time expansion
address redirection:redirect router
address redirection:repeated for each delivery attempt
address redirection:to black hole
address redirection:to file
address redirection:to local mailbox
address redirection:to pipe
address redirection:while verifying  [2]
address:constructed
address:copying routing  [2]
address:duplicate, discarding  [2]
address:qualification  [2]
address:qualification, suppressing
address:sender
address:source-routed
address:testing  [2]
address:verification
address:without domain
address rewriting see rewriting
admin user  [2]  [3]
admin user:definition of
alias file:backslash in
alias file:broken
alias file:building  [2]
alias file:exception to default
alias file:in a redirect router
alias file:one-time expansion
alias file:ownership
alias file:per-domain default
alias for host
alternate configuration file
angle brackets, excess
appendfile transport
appending to a file
asterisk:after IP address
asterisk:in address list
asterisk:in domain list
asterisk:in host list  [2]
asterisk:in lookup type
asterisk:in search type
Athena
AUTH:ACL for  [2]
AUTH:advertising
AUTH:advertising when encrypted
AUTH:argument
AUTH:configuration  [2]
AUTH:description of
AUTH:in plaintext authenticator
AUTH:logging
AUTH:on bounce message
AUTH:on MAIL command  [2]  [3]  [4]
AUTH:testing a server
AUTH:with PAM
authentication
authentication:ACL checking
authentication:advertising
authentication:bounce message
authentication:CRAM-MD5 mechanism
authentication:failure
authentication:generic options
authentication:id
authentication:id, specifying for local message
authentication:logging
authentication:LOGIN mechanism
authentication:Microsoft Secure Password
authentication:name, specifying for local message
authentication:NTLM
authentication:on an Exim client
authentication:on an Exim server
authentication:optional in client
authentication:PLAIN mechanism
authentication:required by client
authentication:sender
authentication:sender, authenticated
authentication:sender, specifying for local message
authentication:testing a server
authenticators:cram_md5
authenticators:plaintext
authenticators:spa
auto_thaw
autoreply transport
autoreply transport:for system filter

B
background delivery
backlog of connections
backslash in alias file
bang paths:not handled by Exim
bang paths:rewriting
banner for SMTP
base36
base62  [2]  [3]  [4]
base64 encoding:conversion from hex
base64 encoding:creating authentication test data
base64 encoding:functions for local_scan() use
base64 encoding:in encrypted password
base64 encoding:in header lines
base64 encoding:in plaintext authenticator
batch_id
batch_max
batched local delivery
batched SMTP input  [2]
batched SMTP output
batched SMTP output example
Bcc: header line  [2]
Berkeley DB library
Berkeley DB library:file format
BIN_DIRECTORY
binary zero:in authentication data
binary zero:in header line
binary zero:in lookup key  [2]  [3]  [4]  [5]
binary zero:in message body  [2]
binary zero:in plaintext authenticator  [2]
binary zero:in RFC 2047 decoding
bind IP address
black hole
black list (DNS)  [2]  [3]  [4]
body of message:binary zero count
body of message:definition of
body of message:expansion variable  [2]
body of message:line count
body of message:size
body of message:transporting
body of message:visible size
books about Exim
boolean configuration values
bounce message:copy to other address
bounce message:customizing  [2]
bounce message:definition of
bounce message:discarding
bounce message:failure to deliver
bounce message:generating
bounce message:including body
bounce message:including original
bounce message:recipient of