I have a series of routers that basically protects internal aliases (i.e.
'staff@???') from external email, unless your domain is listed in
a file (i.e. personal employee domains). The simple one, for example:

    internal_aliases:
      driver = redirect
      condition = ${lookup {$sender_address_domain} \
                  lsearch{/etc/domains.trusted}{yes}{no}}
      allow_fail
      allow_defer
      data = ${lookup{$local_part}lsearch{/etc/aliases.int}}
      file_transport = address_file
      pipe_transport = address_pipe

This isn't completely bulletproof; what I'd like to do is enhance it to
use $sender_host_address against $sender_address_domain (to make sure
they're not faking it, i.e. setting "From: billybob@???") in some
fashion - check that IP out for real.

Also, the above approach doesn't allow wildcards; I have to list each
allowed subdomain machine in the domains.trusted. What I'd like is to
allow *.fluid.com, for instance, and somehow still use
$sender_host_address against $sender_address_domain to verify they
really are from fluid.com.

Any master config experts have some ideas? Is this even possible?

Thanks!
-te
--
Troy Engel | Systems Engineer
Fluid, Inc |
http://www.fluid.com
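
The decision logic asked about in the message above, as an added Python sketch (not part of the original post and not Exim configuration): the sender domain is matched against a wildcard-capable trust list, then the connecting IP is accepted only if its reverse DNS name resolves back to that IP and falls under the trusted domain. The names TRUSTED, PTR, A and all functions are hypothetical, the DNS data is constructed, and the wildcard semantics ("*.base" covers subdomains only) are an assumption.

```python
# Constructed stand-ins for /etc/domains.trusted and for DNS answers.
TRUSTED = ["fluid.com", "*.fluid.com", "example.net"]
PTR = {"192.0.2.10": "mail.fluid.com",      # honest host
       "203.0.113.5": "mail.fluid.com",     # PTR claims fluid.com, A disagrees
       "198.51.100.7": "mx.evilfluid.com"}  # look-alike domain
A = {"mail.fluid.com": {"192.0.2.10"},
     "mx.evilfluid.com": {"198.51.100.7"}}

def in_domain(name, domain):
    """True if name is domain itself or a subdomain on a label boundary."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def trusted_base(sender_domain, patterns=TRUSTED):
    """Return the trusted base domain covering sender_domain, or None."""
    d = sender_domain.lower().rstrip(".")
    for pat in patterns:
        pat = pat.lower()
        if pat.startswith("*."):
            if d.endswith(pat[1:]):   # ".fluid.com" suffix, subdomains only
                return pat[2:]
        elif d == pat:
            return pat
    return None

def confirmed_host_name(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    name = ptr.get(ip)
    return name if name and ip in a.get(name, ()) else None

def allow_internal_alias(sender_address, sender_host_address):
    """Mirror of the router condition, plus the host check described above."""
    base = trusted_base(sender_address.rpartition("@")[2])
    if base is None:
        return False                  # sender domain not in the trust list
    host = confirmed_host_name(sender_host_address)
    return host is not None and in_domain(host, base)
```

A trusted sender whose mail is relayed through a host named outside its own domain fails this check, so the trust list would need to reflect where those senders actually connect from.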