On Mon, 18 Jun 2001, John Jetmore wrote:
> They need to be treated differently, unfortunately. Although you may not
> need this, let me explain our set up in a bit more detail.
Thinking through this in "Exim mode":
> 1) we have many customer who route their mail through us for virus
> scanning. I will refer to the generic domain.com. Under our smail set
> up, none of these domains are considered local.
>
> 2) mail is received, and it is matched against a scan_inbound router.
> This router (pathalias under smail) rewrites the address as
> 2scan.domain.com and hands it off to a scan_inbound router, which is a
> pipe that does various things with the message. This is a delivery
> transport.
Why does it need to rewrite the address? In Exim you could just match
these domains against a domainlist router, and route them to a transport
that does the pipe, without rewriting. Is there some reason why the
address has to be rewritten?
> 3) the program, when it is done with the message, calls /usr/lib/sendmail
> to re-introduce the message to the queue, still addressed to
> user@???.
What happens if you received a message from outside addressed to
user@????
> 4) Now the message is matched and handled by the scan_outbound router
> (also pathalias). This router statically routes the email to the
> customer's private email server and also rewrites the domain to
> scanned.domain.com.
How does it know what server to use if the address is always
user@???? I can't see how it distinguishes between
different original domains. Something is missing here (may be my
understanding).
> Those are the steps I need to replicate in exim. I need the upmost in
> flexibility, also, because, for instance, in step four above, some of our
> customers have the domain rewritten back to just domain.com. If at all
> possible, I would also like to avoid having to include a transport and
> router for each domain.
The way most people do virus scanning on Exim is to make use of the
"received protocol" field. That can be set (using -oMr) by a trusted
caller. They set up an Exim configuration that passes all messages (or
those to a specific domain(set)) to the scanner unless the received
protocol is "scanned-ok". The scanner is permitted to pass them back
with that particular setting. Thus, no rewriting of any addresses is
involved. All you need is a first router which says, in effect,
If domain matches xxx and received-protocol is not scanned-ok, route
to such-and-such-a-transport.
You can use the "domains" and "condition" options to do this. (Or match
the domains in a domainlist route_list pattern.) The transport sets up
the pipe.
If you were to adopt such an approach, then rewriting certain
domains xxx.domain.com to just domain.com after scanning is a
rewriting issue, not a routing issue. Exim's rewriting rules should be
able to handle that.
[I'm beginning to suspect that this problem is a conflation of rewriting
and routing - things which I feel ought to be entirely separate. There's
a history of people using rewriting for routing - starting with Sendmail
- and my feeling is that is just confuses things.]
If this doesn't help enough, send me a real example with some real
domain names off the list (I suspect I'm not quite understanding how
your names work) and I'll generate more details.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
