I have a gateway smtp box that acts as the relay for our dev/qa mail
server. We allow mail to our corporate domain to be delivered and
blackhole everything else as shown below. The sending box is
172.16.1.10, the allowed destination is mail.domain.com for purposes of
this email. Unfortunately, we have an auto-provisioning process in our
app that creates users on the fly, and in dev/qa we create BS users
@domain.com (our corporate domain). IMO this is bad practice, we should
be using a unique domain that I could filter off the domain and still
allow our corporate domain through. Unfortunately I cannot change
that. I need to be able to verify the recipient (call out) on
mail.domain.com including the local part. I know I can do this at ACL
time, but I'm trying to keep things as they are and hopefully do this in
the router below. I was hoping verify_recipient was the condition I was
looking for. If true, let it through, if false move on to the next
router. This doesn't seem to work, it allows it through. So my
question is do I continue to try and figure out a router level work
around for this problem, or do I add a call out to acl_check_rcpt (where
I do my recipient verifications for non relayed mail now). I would do
this as a condition to the accept rule for hosts matching the host list
relay_hosts. I'd much rather do this in a router so that I wouldn't
generate a 500 failure, rather I'd just accept the message and blackhole
it in the second router.
corp_router:
driver = manualroute
condition = ${if eq{$sender_host_address}{172.16.1.10}{yes}{no}}
domains = +corp_domains
route_list = $domain mail.domain.com
transport = remote_smtp
verify_recipient
blackhole_router:
driver = redirect
condition = ${if eq{$sender_host_address}{172.16.1.10}{yes}{no}}
data = :blackhole:
Thanks,
James
