On Tue, 2004-06-22 at 16:21, Giuliano Gavazzi wrote:
> At 2:19 pm +0200 2004/06/22, Wouter Verhelst wrote:
> >This is not what I want it to do. What's necessary is that the callout
> >should only be performed if the connection we're dealing with does /not/
> >originate from the system we would perform a callout to in the first
> >place. I've been searching in the documentation for an option to
> >accomplish this, but either I've missed something, or this isn't
> >possible... any hints?
[...]
> So, more generally:
>
> accept hosts = your_other_mailserver_ip
> domains = +local_domains
> endpass
> message = unknown user
> verify = recipient
>
> am I missing something....?
No, I was. I had tried using hosts= after the "endpass", which can't
work. Your idea will -- at least if there's a second ACL statement that
would do the callout.
> Also, you could have a single MX,
That's already the case.
> only one of the two machines would
> then receive mail from outside, and the other would not need to
> perform any callouts at all, resolving you problem at the source.
That would work, but they're both smarthosts for their local LAN, and
they both need to be able to send mail to the other end of the tunnel;
and I don't want to generate bounces when they're not necessary.
Thanks,
--
EARTH
smog | bricks
AIR -- mud -- FIRE
soda water | tequila
WATER
-- with thanks to fortune