ACL Options

For WHM version 11.32

(Main >> Service Configuration >> Exim Configuration Editor >> ACL Options)

These options limit who is able to send mail to your server, in effect minimizing unwanted bandwidth usage.

To select ACL options:

Click the ACL Options tab.
Click the appropriate button for each option and enter a value in the box offered.
Click Save.

SpamAssassin is a spam detection and blocking program which examines the content of an email message and assigns it an overall score. The score is based on the number of spam-related traits that SpamAssassin finds in the message. If the message’s score exceeds a predefined limit, the message is discarded as spam. For more information, visit SpamAssassin's documentation.

HELO is a command sent before an email that specifies the name of the sending domain. SpamAssassin can perform various checks on this information, such as ensuring that the domain name matches the IP address from which the message was sent. This prevents your server from receiving spam purporting to come from a false domain name.

SPF (Send Policy Framework) is a method for authenticating email messages, ensuring the message originated at the server from which it claims to have originated.

SpamAssassin™: Reject mail at SMTP time if the spam score is greater than this number
Attempt to block dictionary attacks
Blacklist: Reject mail sent directly to addresses of the primary hostname from remote servers
Ratelimit: incoming SMTP connections that do not send QUIT, have recently matched an RBL, or have attacked the server
SpamAssassin™: Ratelimit hosts which transport messages with a spam score above this number
Require incoming SMTP connections to send HELO before MAIL
Require incoming SMTP connections to send a HELO that does not match the primary hostname or a local IP address
Require incoming SMTP connections to send a HELO that does not match this server's local domains
Require incoming SMTP connections to send HELO conforming to internet standards
Blacklist: SPF Checking
Reject any recipient addresses after this number have been specified for a single message
Disconnect and ratelimit any connection that specifies more than this number of recipients for a single message

SpamAssassin™: Reject mail at SMTP time if the spam score is greater than this number

This option allows you to determine the spam score used by SpamAssassin to reject incoming messages. The score entered can be a positive or negative number. Scores with a single decimal point are accepted. You can also choose not to use this option.

Attempt to block dictionary attacks

This option allows you to block dictionary attacks by dropping and rate limiting hosts that have more than 4 failed recipients. A dictionary attack is a method whereby a malicious user tries to guess a password using words found in a dictionary.

Blacklist: Reject mail sent directly to addresses of the primary hostname from remote servers

This option allows you to reject messages in which the recipient is an address of your server's primary hostname. In general, no remote mail should be received for the primary hostname, a common target for spammers. A hostname is the unique, human recognizable name by which a server will be known across the Internet. For example, host.example.com.

Ratelimit: incoming SMTP connections that do not send QUIT, have recently matched an RBL, or have attacked the server

This option allows you to rate limit incoming SMTP connections that violate RFC's. Read more about RFC's.

SpamAssassin™: Ratelimit hosts which transport messages with a spam score above this number

This option allows you to determine the spam score used by SpamAssassin to rate limit hosts. The score entered can be a positive or negative number. Scores with a single decimal point are accepted. You can also choose not to use this option.

Require incoming SMTP connections to send HELO before MAIL

This option allows you to require that incoming SMTP connections send a HELO before sending a MAIL command

Require incoming SMTP connections to send a HELO that does not match the primary hostname or a local IP address

This option allows you to require that incoming SMTP connections send a HELO that does not match the primary hostname or a local IP address.

Require incoming SMTP connections to send a HELO that does not match this server's local domains

This option allows you to require that incoming SMTP connections send a HELO that does not match your server's local domains.

Require incoming SMTP connections to send HELO conforming to internet standards

This option allows you to require that incoming SMTP connections send a HELO conforming with the internet standards set forth in RFC2821 4.1.1.1. Read more about RFC's.

Blacklist: SPF Checking

This option allows you to reject messages from a sender that has failed SPF (Sender Policy Framework) checks. More information on SPF checks is available.

Reject any recipient addresses after this number have been specified for a single message

This option allows you to determine the number of recipient addresses your server will accept in a single message. You can also choose not to use this option.

Note: RFC's specify that SMTP servers should accept at least 100 RCPT commands for a single message. Read more about RFC's.

Disconnect and ratelimit any connection that specifies more than this number of recipients for a single message

This option allows you to determine the number of recipient addresses your server will permit in a single message before disconnecting and rate limiting a connection. You can also choose not to use this option.

Note: RFC's specify that SMTP servers should accept at least 100 RCPT commands for a single message. Read more about RFC's .

Topic revision: r8 - 07 Feb 2012 - 18:26:46 - Main.JustinSchaefer