Re: [exim] Anyone using SRS ??

Top Page

Reply to this message
Author: Dan_Mitton
To: W B Hacker
CC: exim users
Subject: Re: [exim] Anyone using SRS ??
>>>> Yes, that is exactly the problem. I might have an answer...
>>>> forwarding_router:
>>>>   driver = redirect
>>>>   srs = forward
>>>>   data = $local_part@$domain
>>>>   srs_condition = \
>>>>     ${if and \
>>>>       { \
>>>>         {!eq{$sender_address}{}} \
>>>>         {match_ip{$sender_host_address}{+relay_from_hosts}} \
>>>>         {!match_domain{$sender_address_domain}{+relay_to_domains}} \
>>>>       } \
>>>>     }

>>>> What I think I'm trying to say with the above code is:
>>>> IF sender in not <> AND
>>>> sender is someone I'd normally relay for AND
>>>> sender's domain is a domain I don't relay for
>>> Do these seem to be in conflict?
>>> i.e. - if the sender's domain is not one you relay fpr, how do you

>> the
>>> sender is (one you relay for?) - or 'recognize' said sender.
>> Isn't the $sender_host_address the IP address of the sending server? I

>> should be able to know that this came from my internal network (the
>> servers I relay for).
>Of course. But then is that not 'someone you DO' (or would) normally

relay for?
>Or do you mean you do not normally relay between/among your own domaisn,

but are
>willing to do so?
>IOW a terminology conflict, not a technical one.
>It only matters w/r the 'logic' you have illustrated. I think ee know

what you
>want to happen.

Correct, we do not "relay" between domains, but I sometimes need to

> > If I'm missing something here, please let me know.
>>>> THEN I'm not really acting as a relay, I'm acting more as a

>> so
>>>> SRS the thing.

* snip *

>It suggests an Occam-ish solution:
>Set your servers to recognize and trust each other by IP and NOT require

SRS of
>each other. Exemptions, IOW.

Easier said then done. Yes, this would be the perfect solution.

* snip *

>I'd go for a 'trust' model, and just not use SRS internally.

I agree. Unfortunately, things move really slow. I need something until
(if ever) a trust model can get setup.