Re: [Exim] preventing relaying from local users

Author: Marc MERLIN
Date:  
To: exim-users
Subject: Re: [Exim] preventing relaying from local users
On Thu, Aug 09, 2001 at 02:43:43AM +0200, Phil Pennock wrote:
> > Basically, users have to be able to send mail to other users in a list of
> > local domains, and I can easily force them to only send mail through the
> > local exim by invoking it directly (which is what legitimate users do
> > anyway, they run mail from cron or something like that), I simply need to
> > restrict which domains exim is going to be willing to relay mail for (i.e.
> > none, except a short whitelist)
>
> So, uhm, don't provide a router which handles mail to those domains?


That's my current plan if I don't come up with anything better.
I was somehow hoping to use the exim relay tweaking infrastructure, and the
sender_address_relay feature as needed (not perfect, but good enough).

Off hand, I'm not sure how to have a router to * for a certain user
whitelist, but if I can't have that easily, I could live without it.

> If the "local domains" send mail outside, by aliases or whatever, just
> use a separate config for the Exim processes which handle those.
> Probably a separate Exim build, with different spool, in case the mail
> gets deferred for later delivery (or just have it on a different
> machine).


Exim on that machine only sends mail when invoked directly and by relaying
through another machine.
I could have something gross like a setgid binary that looks at the user id,
and depending on the id runs exim with one config or another (one lets you
mail anywhere and not the other one) (the exim binary being then something
like mail.mail 0750)

Actually the above is so disgusting that it may actually work :-)

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key
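
The setgid wrapper idea from the message above, sketched as an added example (not code from the original post or from the Exim project): it selects a config by real uid and refuses caller-supplied `-C`/`-D` options. The binary path, config paths and uid whitelist are assumptions.

```c
/* Added example: setgid wrapper that selects an Exim config by real uid. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed paths and uids; none of these come from the original message. */
#define EXIM_BIN      "/usr/sbin/exim"
#define CONF_LOCAL    "/etc/exim/local-only.conf"
#define CONF_ANYWHERE "/etc/exim/relay-anywhere.conf"
static const uid_t relay_uids[] = { 0, 1001 };   /* constructed whitelist */

/* Whitelisted uids get the unrestricted config, everyone else local-only. */
const char *config_for_uid(uid_t uid)
{
    for (size_t i = 0; i < sizeof relay_uids / sizeof relay_uids[0]; i++)
        if (relay_uids[i] == uid)
            return CONF_ANYWHERE;
    return CONF_LOCAL;
}

/* Refuse any argument starting with -C (config file) or -D (macro): either
   would let the caller replace or alter the config the wrapper selected. */
int args_allowed(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        if (strncmp(argv[i], "-C", 2) == 0 || strncmp(argv[i], "-D", 2) == 0)
            return 0;
    return 1;
}

int main(int argc, char **argv)
{
    static char *clean_env[] = { "PATH=/usr/bin:/bin", NULL };  /* drop caller env */
    int n = argc > 0 ? argc : 1;
    char *nargv[n + 3];

    if (!args_allowed(argc, argv)) {
        fprintf(stderr, "wrapper: -C and -D are not permitted\n");
        return 1;
    }
    nargv[0] = "exim"; nargv[1] = "-C";
    nargv[2] = (char *)config_for_uid(getuid());  /* real uid, not effective */
    for (int i = 1; i < argc; i++)
        nargv[i + 2] = argv[i];
    nargv[n + 2] = NULL;
    execve(EXIM_BIN, nargv, clean_env);
    perror("execve");
    return 127;
}
```

Whether Exim keeps its privileges when started with `-C` by an unprivileged caller depends on the Exim version and build options, so check that before relying on a wrapper like this.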