Exim4 - Reject emails with many To/Cc recipients

First, it is important that you understand that a customer can send an email with 1 address in the To header but actually send it to 1000 people if they figure out how to abuse it just right. Counting the number of email addresses in the To: or Cc: header does not guarantee that you'll block emails that a customer is sending. You'll only block their emails if they abuse your system in a naive way. However, you stated that they are just putting everything in the To field (i.e. the naive way), so the rest of this answer assumes that's the way the data is being submitted to your Exim server.

Now, to answer your question directly as you asked it: in the DATA ACL (only in the DATA ACL!), you can check the number of email addresses in the To or Cc header with a two-step process. To test these headers, access them with $h_To: and $h_Cc: (the trailing colon is required). Let's assume that the To: header is:

"Org user" <todd@example.org>,<tlyons@example.com>,"Todd Lyons" <todd@example.net>

With this example, I'll show you what each step of the two-step process does:

# Step 1: To header converted to a (colon-separated) list

$ exim -be '${addresses:"Org user" <todd@example.org>,<tlyons@example.com>,"Todd Lyons" <todd@example.net>}'
todd@example.org:tlyons@example.com:todd@example.net

# Step 2: Now count the number of list items

$ exim -be '${listcount:${addresses:"Org user" <todd@example.org>,<tlyons@example.com>,"Todd Lyons" <todd@example.net>}}'
3

With current versions of Exim (4.82), the check in your DATA ACL will look something like this:

deny     message = Too many recipients
         condition = ${if >{ ${listcount:${addresses:$h_To:,$h_Cc:}} }{10} {yes}{no}}

If you are using an older version, such as what's in Debian stable, you can use an older form that iterates over the list and increments a counter:

deny     message = Too many recipients
         condition = ${if >{ ${reduce {${addresses:$h_To:,$h_Cc:}} {0} {${eval:$value+1}}}} {10} {yes}{no}}

Note that in both cases above, the {yes}{no} portion is superfluous. The return of the ${if…} statement is always going to be a true or false, so with this in mind, you can leave it off if you want. I prefer to explicitly put it in because it makes it more readable (to me, and to any who might follow me and have to read this code).
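The header check above only covers the naive case; as the first paragraph notes, the To: and Cc: headers do not bound how many people a message is actually sent to. The following is an added example, not part of the original answer, that pairs the header check with a count of envelope recipients through Exim's $recipients_count variable. The limit of 10 is carried over from above, and the ACL name acl_check_data is an assumption.

```exim
# Added example; adapt the ACL name and limits to your configuration.
#
# In the main configuration section, the DATA ACL must be wired in:
#   acl_smtp_data = acl_check_data     (assumed name)

acl_check_data:

  # Envelope check: $recipients_count is the number of envelope
  # recipients accepted for this message, whatever the To:/Cc:
  # headers claim.
  deny     message = Too many recipients
           condition = ${if >{$recipients_count}{10} {yes}{no}}

  # Header check from the answer above: catches the case where every
  # address is listed in To: or Cc:.
  deny     message = Too many recipients
           condition = ${if >{${listcount:${addresses:$h_To:,$h_Cc:}}}{10} {yes}{no}}

  accept
```

Exim's recipients_max main option enforces a comparable envelope cap at RCPT time without an ACL.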

exim4/reject_emails_with_many_to_cc_recipients.1478078933.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
