On Mon, 06 Oct 2008 23:46:29 -0400, Exim List <eximlist@???> wrote:
>While a firewall solution might seem the logical choice, it isn't here.
> The reason is that the users in each domain need to be able to see
>mail.abc.com or mail.xyz.com as their outgoing SMTP server which they
>relay through via SMTP auth.
It is generally a bad idea to run outgoing and incoming mail on the
same host names for exactly this reason: It prevents you from taking
different routing/filtering approaches on the IP level, and - in times
of higher load - prevents you from separating these functions to
different machines.
>So, I need to know how to disable the ability to receive mail for local
>domains EXCEPT from a trusted source (the spam appliance box). Further,
>I need to allow SMTP AUTH clients to relay mail through their respective
>domains.
Define "relay mail through domains".
>A firewall simply shuts off all SMTP traffic including SMTP auth unless
>I know all the "trusted sources" which is basically moot given roaming
>customers.
>
>How can this be done?
>
>Also, it would be preferable to be able to do this on a domain by domain
>basis rather than server wide.
This is probably a rather sophisticated application of ACLs which
surely can be done. If I were you, I'd take a closer look at the
documentation's chapters about string expansion, lookups and ACLs, and
if that's too complicated to tackle in the given time frame, hire an
experienced consultant.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
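
One way to express the policy discussed in this thread as an Exim RCPT ACL, added here as an example; it is not part of the original message or any poster's configuration. The appliance address 192.0.2.10, the list names, and the choice of abc.com as the only filtered domain are assumptions, and SMTP AUTH is assumed to be configured already in the authenticators section.

```exim
# --- main configuration section ---
# Constructed sample values; replace with your own.
hostlist   spam_appliance   = 192.0.2.10
domainlist local_domains    = abc.com : xyz.com
# Per-domain switch: only domains listed here are locked to the appliance.
domainlist filtered_domains = abc.com

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Roaming customers: anyone who completed SMTP AUTH may relay,
  # regardless of source IP. This also lets them send to local
  # domains without passing through the appliance.
  accept  authenticated = *

  # Unauthenticated mail for a filtered domain is refused unless the
  # connecting host is the spam appliance.
  deny    message = Mail for $domain is only accepted via its MX
          domains = +filtered_domains
          !hosts  = +spam_appliance

  # Remaining local mail: filtered domains arriving from the appliance,
  # and local domains that are not (yet) behind it.
  accept  domains = +local_domains

  # Everything else is an unauthenticated relay attempt.
  deny    message = relay not permitted
```

Statement order carries the policy: the `authenticated` accept has to come before the `deny`, otherwise authenticated clients sending to a filtered domain are rejected along with direct-to-host senders.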