--On Thursday, September 21, 2006 2:33 PM -0400 Steve Sobol
<sjsobol@???> wrote:
> Exim 4.50, CentOS Linux 4.something
>
> I have a mail server that handles a small number of domains, around 20
> total. Five of those domains are spam-filtered through an external
> service and mail to those domains should ONLY be delivered through that
> company's SMTP servers. But I can't just tell exim to stop accepting
> mail sent directly to it, because that will break a bunch of other
> domains that AREN'T filtered, for which exim SHOULD accept mail directly.
>
> How do I tell Exim to only accept messages handed off from a particular
> block of IPs, but *only* for certain domains?
Thank you to everyone who replied, especially John Robinson, whose solution
I used.

# Domain and host lookups against MySQL. quote_mysql escapes the recipient
# domain before it is placed in the query.
UNFILTERED_DOMAINS=mysql;select domain from unfiltered_domains \
                   where domain='${quote_mysql:$domain}'
FILTERED_DOMAINS=mysql;select domain from filtered_domains \
                 where domain='${quote_mysql:$domain}'
LOCAL_DOMAINS=UNFILTERED_DOMAINS:FILTERED_DOMAINS
CLEANMESSAGE_IPS=mysql;select ip from filter_ips \
                 where ip='$sender_host_address'

domainlist local_domains = LOCAL_DOMAINS
domainlist unfiltered_domains = UNFILTERED_DOMAINS
domainlist filtered_domains = FILTERED_DOMAINS
hostlist filter_relays = CLEANMESSAGE_IPS

acl_check_rcpt:

  deny    local_parts = ^.*[@%!/|] : ^\\.

  accept  authenticated = *

  accept  hosts = :

  # Unfiltered domains: accept from any host if the recipient verifies.
  accept  domains = +unfiltered_domains
          endpass
          message = unknown user
          verify = recipient

  accept  hosts = +relay_from_hosts

  # Filtered domains: accept only from the filtering service's addresses.
  accept  domains = +filtered_domains
          hosts = +filter_relays
          endpass
          message = unknown user
          verify = recipient

  deny    message = relay not permitted

The only real downside to this solution was having to list the entire /27
worth of IP addresses one at a time, but I can live with that shortcoming.
On the other hand, if anyone has figured out how to use CIDR notation in
MySQL hostlist queries, let me know and I'll send you a virtual beer!

As a bonus, I eliminated spam sent to me as postmaster or root@{any number
of domains that I host but am not responsible for} by relocating my
/etc/mail/aliases router.

Having done testing from my cablemodem and one of the filtering servers in
question - I work for the company, so I have shell access to the servers -
I found that I can send to any of my domains from the filtering system.
From outside, I can include addresses of several of the domains I
personally host. RCPT's to the filtered addresses give me a relaying denied
message, while RCPT's to the unfiltered addresses in the same SMTP
transaction are accepted.

Not bad for a couple hours of work. I love Exim. I shudder to think how
much work this would have required if I was still running Sendmail. :>

--
Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows
Apple Valley, California PGP:0xE3AE35ED
It's all fun and games until someone starts a bonfire in the living room.
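
Added example, not part of the original post and not Exim code: a small Python model of the acl_check_rcpt statement order above, usable as a regression matrix for the "filtered domains only via the filter relays" rule. The domains, addresses and recipient set are constructed placeholders, and the model matches the relay block by CIDR containment rather than by one table row per address.

```python
import ipaddress
import re

# Constructed sample data (not from the post): RFC 2606 names and RFC 5737
# documentation addresses stand in for the MySQL tables and host lists.
UNFILTERED_DOMAINS = {"unfiltered.example"}
FILTERED_DOMAINS = {"filtered.example"}
FILTER_RELAYS = ipaddress.ip_network("192.0.2.0/27")        # filtering service
RELAY_FROM_HOSTS = ipaddress.ip_network("198.51.100.0/29")  # own relay clients
VALID_RECIPIENTS = {"alice@unfiltered.example", "bob@filtered.example"}

# Same patterns as the ACL's first deny: ^.*[@%!/|] and ^\.
BAD_LOCAL_PART = re.compile(r"^.*[@%!/|]|^\.")


def check_rcpt(sender_ip, rcpt, authenticated=False):
    """Return (verdict, message) for one RCPT, testing in the ACL's order."""
    local_part, _, domain = rcpt.lower().rpartition("@")
    if BAD_LOCAL_PART.search(local_part):
        return ("deny", "")
    if authenticated:                       # accept authenticated = *
        return ("accept", "")
    if sender_ip is None:                   # accept hosts = :  (local submission)
        return ("accept", "")
    ip = ipaddress.ip_address(sender_ip)
    verified = rcpt.lower() in VALID_RECIPIENTS   # stands in for verify = recipient
    if domain in UNFILTERED_DOMAINS:        # endpass: a failed verify denies
        return ("accept", "") if verified else ("deny", "unknown user")
    if ip in RELAY_FROM_HOSTS:
        return ("accept", "")
    # Filtered domains are accepted only from the filtering service's block.
    if domain in FILTERED_DOMAINS and ip in FILTER_RELAYS:
        return ("accept", "") if verified else ("deny", "unknown user")
    return ("deny", "relay not permitted")


def run_matrix():
    """Replay the post's two test positions: filter relay and outside host."""
    cases = [
        ("192.0.2.10", "bob@filtered.example"),
        ("192.0.2.10", "alice@unfiltered.example"),
        ("203.0.113.5", "bob@filtered.example"),
        ("203.0.113.5", "alice@unfiltered.example"),
        ("192.0.2.32", "bob@filtered.example"),    # first address past the /27
        ("192.0.2.10", "nobody@filtered.example"),
    ]
    return [(ip, rcpt) + check_rcpt(ip, rcpt) for ip, rcpt in cases]


if __name__ == "__main__":
    for row in run_matrix():
        print(*row)
```

Because the authenticated and relay_from_hosts accepts come before the filtered-domain check, the model also shows that those two paths reach filtered domains without passing through the filter relays.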