Re: [exim] Replicating an internal messaging system policy w…

Author: Michael J. Tubby B.Sc. MBCS G8TIC
Date:  
To: exim-users
CC: exim
Subject: Re: [exim] Replicating an internal messaging system policy with Exim
On 11/06/2011 16:00, Nigel Metheringham wrote:
> On 11 Jun 2011, at 10:18, exim@??? wrote:
>> Behaviour we are pursuing with Exim, only for a particular domain:
>>
>> Among all the domains that are served regularly, a given domain, and only that domain, needs to follow an internal messaging system policy, i.e.:
>>
>> - No emails can be sent to, nor received from, any other domains, hosted on the same server or elsewhere.
>> - Emails regarding that domain are accepted only if sent to, or received from, that particular domain itself.
> Personally for a 2 zone setup like this I would consider running 2 separate instances of exim on different IP addresses and with separate configuration and queues.
>
> However, in either a combined or a split out instances configuration, the way you probably want to do this is by making the routers conditional rather than applying additional filters, so
>
> # router for restricted domain - this domain can only send or be sent
> # to itself
> restricted_domain:
>    driver = accept
>    domains = restricted.doma.in
>    senders = *@restricted.doma.in
>    transport = local_restricted_delivery
>
> # router for other domains
> other_domains:
>    driver = accept
>    # but not restricted.doma.in
>    domains = doma1.in : doma2.in
>    senders = ! *@restricted.doma.in
>    transport = local_normal_delivery
>
> and use the same conditions on the general send-elsewhere router
>
>     Nigel.
> --
> [ Nigel Metheringham ------------------------------ nigel@??? ]
> [                 Ellipsis Intangible Technologies                  ]



Sounds like a requirement to split "inside" from "outside".

We run public instances of exim called relay1... relay2... relay3 that
are all configured via a common (replicated) mysql database for the
external view. This allows us to do common stuff for several tens of
domains. Relays have a "next hop" (forward to) config item that causes
email to be forwarded to the internal host that implements the local
email service.

Mike
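
The `domains`/`senders` router conditions quoted above, modelled as an added example (not code from this thread or from Exim) so the resulting policy matrix can be checked, including the empty-sender bounce case. The router order, the `send_elsewhere` name and the sample addresses are assumptions.

```python
# Added example: a model of the quoted router preconditions, not Exim itself.
from fnmatch import fnmatchcase

RESTRICTED = "restricted.doma.in"
NORMAL = ("doma1.in", "doma2.in")
LOCAL = (RESTRICTED,) + NORMAL
RESTRICTED_SENDERS = "*@" + RESTRICTED


def sender_matches(sender, pattern):
    # An empty envelope sender (a bounce) never matches "*@domain".
    return bool(sender) and fnmatchcase(sender.lower(), pattern)


# (name, domains precondition, senders precondition), tried in order.
ROUTERS = [
    ("restricted_domain",
     lambda d: d == RESTRICTED,
     lambda s: sender_matches(s, RESTRICTED_SENDERS)),
    ("other_domains",
     lambda d: d in NORMAL,
     lambda s: not sender_matches(s, RESTRICTED_SENDERS)),
    # Hypothetical name for the "general send-elsewhere router".
    ("send_elsewhere",
     lambda d: d not in LOCAL,
     lambda s: not sender_matches(s, RESTRICTED_SENDERS)),
]


def route(sender, recipient):
    """Return the first router whose preconditions all pass, else None."""
    domain = recipient.rsplit("@", 1)[1].lower()
    for name, domain_ok, sender_ok in ROUTERS:
        if domain_ok(domain) and sender_ok(sender):
            return name
    return None  # no router accepted: the address is unrouteable


if __name__ == "__main__":
    # Constructed envelopes covering each zone combination.
    for s, r in [("a@restricted.doma.in", "b@restricted.doma.in"),
                 ("a@restricted.doma.in", "x@doma1.in"),
                 ("a@restricted.doma.in", "y@example.org"),
                 ("x@doma1.in", "a@restricted.doma.in"),
                 ("x@doma1.in", "y@example.org"),
                 ("", "a@restricted.doma.in")]:
        print(f"{s or '<>'} -> {r}: {route(s, r) or 'unrouteable'}")
```

The last case shows that a bounce (empty sender) addressed to the restricted domain is unrouteable under these conditions, because the `senders` pattern only matches addresses in that domain.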