（EXIM）ACL 仅允许内部域发送到内部组别名

如果你只需要本地用户使用这个，那么我认为你不应该使用它，sender因为它很容易被伪造——相反，你应该配置 SMTP授權（begin authenticators部分），接下来你可以使用如下内容：

deny  recipients   = lsearch*@;/etc/exim/protected-recipients
      !authenticated = *
      message      = Sending denied - protected list - not authenticated - returned to sender
      log_message  = PROTECTED - sending denied not - authenticated - - logged to file

deny  recipients   = lsearch*@;/etc/exim/protected-recipients
      condition    = ${lookup{$authenticated_id}lsearch{/etc/exim/allowed-users}{no}{yes}}
      message      = Sending denied - protected list - no access - returned to sender
      log_message  = PROTECTED - sending denied - no access - logged to file

对于recipients我来说lsearch*@;，您可以像这样使用完整的电子邮件地址和通配符：

[email protected]
*@protected-domain

对于经过身份验证的用户，您只需逐行列出其名称（注意yes并按no查找顺序排列）。

如果您也需要远程用户，那么您可以添加：

accept  recipients   = lsearch*@;/etc/exim/protected-recipients
    !sender_domains = +local_domains
    condition    = ${lookup{$sender_address}lsearch{/etc/exim/allowed-users}{yes}{no}}

在第一次拒绝之前，每行列出一个地址。