Diffstat (limited to 'debian/debconf/default_acl')
-rw-r--r-- debian/debconf/default_acl 48
1 files changed, 48 insertions, 0 deletions
diff --git a/debian/debconf/default_acl b/debian/debconf/default_acl
new file mode 100644
index 0000000..452615c
--- /dev/null
+++ b/debian/debconf/default_acl
@@ -0,0 +1,48 @@
+Access Control in the default configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+The Debian exim 4 package comes with a default configuration that
+allows flexible access control and blacklisting of sites and hosts.
+The acls involved can be found in /etc/exim4/conf.d/acl with the file
+names 20_exim4-config_whitelist_local_deny and 30_exim4-config_check_rcpt,
+thus all rejections of messages due to this mechanism happen at RCPT
+time. Local configuration of the mechanisms happen through data files
+in /etc/exim4, so there is normally no need to change the files in the
+acl subdirectory.
+
+/etc/exim4/local_sender_blacklist contains a list of envelope senders
+whose messages will be denied with the error message "locally
+blacklisted". This is a full exim 4 address list, and all available
+features can be used. This includes negative items, and so it is
+possible to exclude addresses from being blacklisted. For convenience,
+as an additional method to whitelist addresses from being blocked, an
+explicit whitelist is read in from /etc/exim4/local_sender_whitelist.
+Entries in the whitelist override corresponding blacklist entries.
+
+In the blacklist, the trick is to read a line break as "or" if it
+follows a positive item, and as "and" if it follows a negative item.
+
+For example, a /etc/exim4/local_sender_blacklist
+
+domain1.example
+!local@domain2.example
+domain2.example
+domain3.example
+
+Exim just evaluates left to right (or up-down in the file listing
+context), so you don't get the same kind of operator binding as in a
+programming language.
+
+/etc/exim4/local_host_blacklist contains a list of IP addresses,
+networks and host names whose messages will be denied with the error
+message "locally blacklisted". This is a full exim 4 host list. Again,
+negative items can be used here, and there is also an explicit
+whitelist read in from /etc/exim4/local_host_whitelist, and whitelist
+entries override blacklistings.
+
+The example access list shipped in
+/usr/share/doc/exim4-config/examples/acl/30_exim4-config_example_check_rcpt
+includes a bunch of dnslists configured to warn and/or deny incoming
+messages. Some of these lists have a corresponding whitelist, read
+in from /etc/exim4/local_$DNSLISTNAME_whitelist which allows the local
+administrator to override dnslist entries for domains or IP addresses
+that should be able to send mail despite the dnslist entry.
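Review bot: The sample /etc/exim4/local_sender_blacklist (domain1.example through domain3.example) is never followed by a statement of what it does, so the reader has to apply the "or"/"and" reading rule unaided. Please add a sentence after the listing saying which senders end up rejected and which are let through, in particular that local@domain2.example is exempted while the rest of domain2.example is blocked. Since the next paragraph says evaluation is strictly top to bottom, it is also worth stating that "!local@domain2.example" has to appear before "domain2.example" for the exception to take effect. Two smaller points: "Local configuration of the mechanisms happen" should read "happens", and "local_$DNSLISTNAME_whitelist" can be misread as a variable named DNSLISTNAME_whitelist, so a form such as local_${DNSLISTNAME}_whitelist or one concrete file name would be clearer.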