Re: [exim] Exim Restrict outgoing relay by ip address

Author: Ian Eiloart
Date:  
To: jwexler, exim-users
Subject: Re: [exim] Exim Restrict outgoing relay by ip address


--On 8 November 2008 14:14:01 +0900 jwexler@??? wrote:

> I am moving our email server from MS Exchange to Exim on Ubuntu 8.04.1.
> Version of Exim is 4.68.
>
> As one of our security layers, we restrict authorization to send/relay
> email via our mail server from approved IP networks only. Whether this is
> a perfect method or not is irrelevant as it is but one of our security
> layers and we do not need to allow relaying from the world.


This is quite normal, though most sites will also relay email from
non-local hosts provided the sender is authenticated.

The facilities you need are all in the Access Controls, or in the routers.

An ACL to deny relaying from non-local machines would look something like
this:

deny
    domains       = !+local_domains
    hosts         = !+local_hosts


where local_domains is defined as the list of domains that you accept email
for, and local_hosts is defined as your IP range.

> I need to be able to restrict the sending of outgoing email via our
> servers by IP but need to allow the receipt and delivery of inbound email
> from any IP.
>
> I have spent over 2 weeks scouring the web, reading through the Exim specs
> and doc and other resources and have tried many many ways to achieve this
> goal but to no success yet and am becoming very desperate. I will need to
> give up on Exim if I cannot achieve this and have already invested a huge
> amount of time into this.



>
> In summary:
>
> * Restrict ability to relay outgoing email from our servers by IP (Normal
> encrypted TLS username/password also required of course)
>
> * Allow inbound delivery of email from any IP
>
> Does anyone know whether this can be done and if so how?
>
> I would truly appreciate any help on this.
>
> Regards,
>
> Jeff




--
Ian Eiloart
IT Services, University of Sussex
x3148
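
An added example, not part of the message above or of the Exim documentation: a configuration fragment that places the deny rule from the reply in a complete RCPT ACL and goes one step further by also requiring the TLS and authentication mentioned in the question's summary. The list names local_domains and local_hosts come from the reply; the domain, the network range, the ACL name and the message texts are constructed placeholders, and working TLS and authenticator settings are assumed to be configured elsewhere in the file.

```exim
# Main configuration section.
# Constructed example values: replace with your own domains and networks.
domainlist local_domains = example.org : mail.example.org
hostlist   local_hosts   = 127.0.0.1 : 192.0.2.0/24

# Run the ACL below for every RCPT command.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Inbound: any host may deliver to a domain we accept email for.
  # (A production ACL would normally also verify the recipient here.)
  accept  domains       = +local_domains

  # Everything that reaches this point is a relay attempt, because the
  # recipient domain is not one of ours. Refuse it outright unless the
  # client is inside the approved IP range.
  deny    message       = relaying not permitted from this address
          hosts         = !+local_hosts

  # Approved network: relay only for an authenticated client on a
  # TLS-encrypted connection. Both conditions must hold.
  accept  authenticated = *
          encrypted     = *

  # Approved network, but not authenticated or not encrypted.
  deny    message       = authentication over TLS is required to relay
```

Statements are evaluated in order for each recipient, so the first accept has to stay above the host check or inbound mail from outside hosts would be refused as well.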