Re: [Exim] Permitting relaying on rcpt to

Top Page
Delete this message
Reply to this message
Author: Sascha E. Pollok
Date:  
To: Philip Hazel
CC: exim-users
Subject: Re: [Exim] Permitting relaying on rcpt to
>> >> Could someone give an example for a verifying router? I am not very
>> >> experienced
>> >> in exim's router-config.
>> >
>> >verify_only:
>> > driver = domainlist
>> > verify_only
>> > domains = the.domain
>> > local_parts = the.local.part
>> > route_list = *
>>
>> In context with my original problem with relaying that depends only
>> in RCPT TO, EXIM finds the domain in relay_domains, runs through
>> the router, the local_parts doesn't match and the router fails.
>> But then, the domain is looked up via lookuphost (remote_smtp transport)
>> and relaying is done.
>
>Oh dear, this is getting more complicated than I thought. You need
>another router to fail verification for the rest of the domain.
>
>  verify_only:
>    driver = domainlist
>    verify_only
>    domains = the.domain
>    route_list = *
>    fail_verify 

>
>Actually, now that I think of it, it is better to put
>
> condition = ${if eq {$local_part@$domain}{xxxx@yyyy}{yes}{no}}
>
>on the first router, to test the combination rather than each part
>separately with domains and local_parts.


To get this more complicated: now the verifying is failing, when
the local_parts are not matching. But perhaps the other party (in the
SMTP-Session) belongs to our local network and relaying to any
destination at the domain IS possible.

What we are trying is: a Domain xxx.yy ist NOT local and we normally
DON'T permit relaying to this domain except for our local-networks
(sender_net_accept_relay). But WHEN we get a mail that needs to
be relayed and doesn't originate from a sender_net_accept_relay host,
relaying IS permitted when it carries a specific recipient.

If the SMTP sender is NOT in sender_net_accept_relay and the domain
is not in local_domains, relaying is not permitted. Except when
the recipient matches - then relaying is ok.

When the SMTP sender is in sender_net_accept_relay, we don't need
to care about anything.

---
Sascha E. Pollok
Internet Port Hamburg
Technical Staff / Network Operations
Grosse Reichenstrasse 27
D-20457 Hamburg
Germany
Tel.   +49 (0)40 37 49 19-0
Fax    +49 (0)40 37 49 19-29
Email: sp@???
ICQ #38955239