On Thu, 16 Dec 2004, Phill Wood wrote:
> But what I've been asked to do now is to deny routing to the Internet
> gateway machine for one network. This network must, however, be allowed
> to mail the other internal networks. I *need* to do this by IP. I wish I
> could do it by domain, but I'm not allowed for various reasons I won't
> go into.
You could do this with address_data: get the routers to set it to either
internal or external as appropriate. Then in an ACL you can say:
require
verify = recipient
deny
message = You aren't allowed to send external email
hosts = +restricted_hosts
condition = ${if eq{$address_data}{external} }
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
