Re: Confusion in getting relay prevention to work

Author: Chris Thompson
Date:  
To: F. Jacot Guillarmod
CC: exim-users
Subject: Re: Confusion in getting relay prevention to work
F.F. Jacot Guillarmod writes:

[...]
>
> So, to simplify the description of the setup, we have:
>
>     exim.ru.ac.za as the MX target and outgoing SMTP gateway for
>
>         novella.ru.ac.za and
>         novellb.school.za
>
> which means we want exim.ru.ac.za to accept relaying from anywhere
> destined for either novella or novellb (because it is an MX target for
> these systems), but to prevent relaying to anywhere else.
>
> We also want exim.ru.ac.za to accept relaying only from novella and
> novellb to anywhere else (because it is the SMTP gateway for these
> machines).
>
> Try as I might, I can't get this to work symmetrically. Seemingly,
> whichever permutation I try of the sender_host_reject_relay and
> relay_domains family of parameters, I can get exim to deliver only to
> novella/b, but then block off gatewaying from novella/b or vice versa.
> I've read the docs (for exim 1.71) what seems like several dozen times,
> and am either hopelessly confused, or else exim doesn't support this
> particular scenario.


Perhaps you are having problems because the situation isn't really
all that symmetric, at least as Exim sees it.

  You want to accept e-mail for the *domains* novella.ru.ac.za & 
    novellb.school.za, from the world in general, so you need to 
    put them in relay_domains (a domain-list).
  You want to accept e-mail for the world in general from certain
    *hosts* associated with those domains. For this you usually use
    sender_host_accept_relay (a host-list) or sender_net_accept_relay
    (a net-list). If you use the former, you can specify host names
    rather than IP addresses, but in that case you had better make sure 
    that they are reliably in the DNS. [Use of patterns in the host names
    means that reverse lookup in the DNS will be used.]
  You may also want to ensure that mail you relay for these machines 
    is restricted to certain envelope senders; for that you use
    sender_address_relay (an address-list).


If you think this is what you have been doing, perhaps you could supply
the values of the parameters in question, and what sort of entries you
get in your log/rejectlog when it doesn't work? I can't second-guess you
because the names you use above are, I think, imaginary (simplified!) - at
any rate, they aren't in the DNS as I see it here.

Chris Thompson               Cambridge University Computing Service,
Email: cet1@???    New Museums Site, Cambridge CB2 3QG,
Phone: +44 1223 334715       United Kingdom.
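
The policy described in the reply above, as an added example that is not part of the original message and is not Exim's own code: a simplified Python model of how the recipient-domain check and the sending-host check combine. Exact string matching stands in for Exim's domain-, host- and address-list matching (an assumption), and `mail.example.net` and the user addresses are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class RelayPolicy:
    """Simplified model of the three options named in the reply (assumption:
    exact matches only, no patterns, no DNS lookups)."""
    relay_domains: set                # recipient domains relayed for any sender host
    sender_host_accept_relay: set     # hosts allowed to relay to any domain
    sender_address_relay: set = field(default_factory=set)  # optional sender limit

    def decide(self, sender_host, envelope_sender, recipient):
        domain = recipient.rsplit("@", 1)[-1].lower()
        # Inbound direction: keyed on the *recipient domain*, host is irrelevant.
        if domain in self.relay_domains:
            return "accept: recipient domain in relay_domains"
        # Outbound direction: keyed on the *sending host*, domain is irrelevant.
        if sender_host.lower() not in self.sender_host_accept_relay:
            return "reject: host not permitted to relay"
        # Optional extra restriction on mail relayed for the permitted hosts.
        if self.sender_address_relay and \
                envelope_sender.lower() not in self.sender_address_relay:
            return "reject: envelope sender not permitted to relay"
        return "accept: host in sender_host_accept_relay"


# Host and domain names are the ones used in the thread.
POLICY = RelayPolicy(
    relay_domains={"novella.ru.ac.za", "novellb.school.za"},
    sender_host_accept_relay={"novella.ru.ac.za", "novellb.school.za"},
)

# Constructed test traffic: (sending host, envelope sender, recipient).
SAMPLES = [
    ("mail.example.net", "a@example.net", "user@novella.ru.ac.za"),   # world -> novella
    ("novellb.school.za", "b@novellb.school.za", "c@example.net"),    # novellb -> world
    ("mail.example.net", "a@example.net", "d@example.org"),           # world -> world
]


def run_samples(policy=POLICY):
    return [policy.decide(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(sample, "->", verdict)
```

Only the third sample is rejected: it matches neither list, which is the open-relay case the configuration is meant to block.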

