This is an old revision of the document!
Exim4 - Stop Exim being an open relay
Adjusting the acl_smtp_rcpt ACL.
Examples
Accept anything locally generated:
accept hosts = :
Accept anything from authenticated users:
accept authenticated = *
Accept anything from the local network:
accept hosts = +local_network
here you have to decide what “local_network” means - for example, you might want to define it as 192.168.0.0/16.
Reject non-local domains:
deny domains = !+local_domains
message = Relaying denied
this is what stops your Exim from being an open relay. Again, you have to decide what local_domains means.
Reject invalid recipients:
require verify = recipient
this causes Exim to check that the recipient is routeable. For example, bob@your.example.com might exist, but lktjnho@your.example.com might not. Using verify = recipient, in conjunction with the right router configuration, causes Exim to reject the bad addresses at RCPT time. If you want to add extra checks (such as consulting DNS blacklists, or rejecting “bounce” messages with large numbers of recipients), this would be a good place to do add them.
Accept the rest:
accept