Re: [exim] how do I block mail to local domains except SMTP …

Top Page
Delete this message
Reply to this message
Author: Marc Haber
Date:  
To: exim-users
Subject: Re: [exim] how do I block mail to local domains except SMTP auth or trusted source?
On Mon, 06 Oct 2008 23:46:29 -0400, Exim List <eximlist@???>
wrote:
>While a firewall solution might seem the logical choice, it isn't here.
> The reason is that the users in each domain need to be able to see
>mail.abc.com or mail.xyz.com as their outgoing SMTP server which they
>relay through via SMTP auth.


It is generally a bad idea to run outgoing and incoming mail on the
same host names for exactly this reason: It prevents you to take
different routing/filtering approaches on the IP level, and - in times
of higher load - prevents you from separating these functions to
different machines.

>So, I need to know how to disable the ability to receive mail for local
>domains EXCEPT from a trusted source (the spam appliance box). Further,
>I need to allow SMTP AUTH clients to relay mail through their respective
>domains.


Define "relay mail through domains".

>A firewall simply shuts off all SMTP traffic including SMTP auth unless
>I know all the "trusted sources" which is basically moot given roaming
>customers.
>
>How can this be done?
>
>Also, it would be preferable to be able to do this on a domain by domain
>basis rather than server wide.


This is probably a rather sophisticated application of ACLs which
surely can be done. If I were you, I'd take a closer look at the
documentation's chapters about string expansion, lookups and ACLs, and
if that's too complicated to tackle in the given time frame, hire an
experienced consultant.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834