Re: [exim] Limiting incoming connections on a per-domain bas…

Author: John Robinson
Date:  
To: Steve Sobol
CC: exim-users
Subject: Re: [exim] Limiting incoming connections on a per-domain basis
On 21/09/2006 19:33, Steve Sobol wrote:
> Exim 4.50, CentOS Linux 4.something
>
> I have a mail server that handles a small number of domains, around 20
> total. Five of those domains are spam-filtered through an external service
> and mail to those domains should ONLY be delivered through that company's
> SMTP servers. But I can't just tell exim to stop accepting mail sent
> directly to it, because that will break a bunch of other domains that
> AREN'T filtered, for which exim SHOULD accept mail directly.
>
> How do I tell Exim to only accept messages handed off from a particular
> block of IPs, but *only* for certain domains?


If you have something like the default configuration, perhaps I can
help, but be warned, I am not an expert.

You would need to split up your local_domains into two, because you're
going to accept them separately (under different conditions). Firstly,
where you define what local_domains are, change that single definition
to something like

domainlist unfiltered_domains = unfiltered1.example.com : unfiltered2.example.com
domainlist prefiltered_domains = prefiltered1.example.com : prefiltered2.example.com
domainlist local_domains = +unfiltered_domains : +prefiltered_domains
hostlist prefilter_hosts = their-mx.example.com : 192.168.1.1 : 172.22.120.0/20 : 10.123.0.0/16

Then look for where you have the following, which will be in the 
acl_check_rcpt:
   accept  domains       = +local_domains
           endpass
           verify        = recipient


Change it to
   accept  domains       = +unfiltered_domains
           endpass
           verify        = recipient


   accept  domains       = +prefiltered_domains
           hosts         = +prefilter_hosts
           endpass
           verify        = recipient


And if you want a message other than the standard "relay not permitted" 
message, then just before the
   deny    message       = relay not permitted


you could also add
   deny    message       = I do not accept mail for that domain from your IP
           domains       = +prefiltered_domains
           hosts         = !+prefilter_hosts


but you don't need to because the messages will be denied anyway.
Actually perhaps the default message is better if your server is never
listed publicly as an MX for the prefiltered domains, as your server
will respond as if it knows nothing about them for clients connecting
from the 'net at large.

Cheers,

John.
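The ACL logic John describes, written out as a small Python model so the ordering and the `endpass` behaviour can be checked against sample recipients and client addresses. This is an added example, not code from the post or from Exim itself: the domain lists, the address blocks and the mailbox set are constructed from the values in the thread, the hostname `their-mx.example.com` is left out because Exim would resolve it at runtime, and the "unknown user" text is a simplified stand-in for whatever a real recipient verification failure would report.

```python
import ipaddress

# Constructed lists mirroring the named lists in the post (example values)
UNFILTERED_DOMAINS = {"unfiltered1.example.com", "unfiltered2.example.com"}
PREFILTERED_DOMAINS = {"prefiltered1.example.com", "prefiltered2.example.com"}
LOCAL_DOMAINS = UNFILTERED_DOMAINS | PREFILTERED_DOMAINS

# The post's hostlist minus the hostname entry (Exim resolves that itself).
# strict=False because 172.22.120.0/20 has host bits set; Exim masks them,
# and ipaddress needs to be told to do the same.
PREFILTER_HOSTS = [
    ipaddress.ip_network("192.168.1.1/32"),
    ipaddress.ip_network("172.22.120.0/20", strict=False),
    ipaddress.ip_network("10.123.0.0/16"),
]

# Constructed stand-in for "verify = recipient": the mailboxes that route.
MAILBOXES = {
    "bob@unfiltered1.example.com",
    "alice@prefiltered1.example.com",
}


def host_matches(client_ip, hostlist):
    """True if the connecting address falls inside any block of the hostlist."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in hostlist)


def acl_check_rcpt(recipient, client_ip, mailboxes=MAILBOXES):
    """Evaluate the RCPT ACL from the post, statement by statement.

    Returns (verdict, message). Statements are tried in order; the first
    whose pre-endpass conditions all match decides the outcome. Once past
    endpass, a failing condition denies instead of falling through.
    """
    _, _, domain = recipient.rpartition("@")

    # accept domains = +unfiltered_domains / endpass / verify = recipient
    if domain in UNFILTERED_DOMAINS:
        if recipient in mailboxes:
            return ("accept", "")
        return ("deny", "unknown user")  # verify failed after endpass

    # accept domains = +prefiltered_domains, hosts = +prefilter_hosts
    #        endpass / verify = recipient
    if domain in PREFILTERED_DOMAINS and host_matches(client_ip, PREFILTER_HOSTS):
        if recipient in mailboxes:
            return ("accept", "")
        return ("deny", "unknown user")

    # optional deny: prefiltered domain, client not in the hostlist
    if domain in PREFILTERED_DOMAINS and not host_matches(client_ip, PREFILTER_HOSTS):
        return ("deny", "I do not accept mail for that domain from your IP")

    # deny message = relay not permitted (everything else)
    return ("deny", "relay not permitted")


if __name__ == "__main__":
    for rcpt, ip in [
        ("bob@unfiltered1.example.com", "203.0.113.5"),
        ("alice@prefiltered1.example.com", "203.0.113.5"),
        ("alice@prefiltered1.example.com", "172.22.125.9"),
        ("nobody@prefiltered1.example.com", "10.123.4.5"),
        ("bob@other.example.org", "10.123.4.5"),
    ]:
        print(rcpt, "from", ip, "->", acl_check_rcpt(rcpt, ip))
```

The point the model makes visible is that the two `accept` statements differ only in the `hosts` condition, and because that condition sits before `endpass`, a prefiltered-domain recipient from an address outside the list simply falls through to the final deny rather than being rejected for an unknown user.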