I previously requested help regarding 'Exim4 route based on senders IP address' and received great help. I've included the code I ended up with at the end of this email.
To try and make the configuration more efficient I am trying to use an ACL to deny senders where the IP address is listed in a file AND the 'RCPT to' domain is anything other than 'thisdomain.com'. This ACL seems to be blocking all senders if they are listed in the file regardless of destination.
The ACL is in the acl_check_rcpt section and is as follows:
deny
  condition = ${if and \
    {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}} \
    {match_domain {$domain}{! thisdomain.com}} \
    }
If I just use the match_ip line without the "and", it works based on the IP address; it fails when I add the match_domain, with the following error:
451 Temporary local problem - please try later
LOG: [3480] H=(me.thisdomain.com) [1.2.3.4] F=<me@???> temporarily rejected RCPT someone@???: failed to expand ACL string "${if and {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}} {match_domain {$domain}{! T=thisdomain.com}} }": each subcondition inside an "and{...}" condition must be in its own {}
I've tried multiple variations of {} but can't get it right :-( Any help greatly appreciated.
Pete.
Code using router:
# Block Xerox printers from emailing external domains
smarthost_copiers_reject_non_local_domain:
  debug_print = R: smarthost routing for copiers - drop non-local domain
  condition = ${if match_ip{$sender_host_address} { \
    1.2.3.4: \
    7.8.9.10 \
    }}
  domains = ! thisdomain.com
  driver = redirect
  allow_fail
  fail_verify = true
  data = :fail: copier email address - moray.gov.uk only <$local_part@$domain>
  no_more

# Relay local domain traffic from Xerox printers to correct mail server
smarthost_copiers:
  debug_print = R: smarthost routing for copiers - send to exch2013 only - sha - $sender_host_address
  driver = manualroute
  # condition = ${if match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}{true}}
  condition = ${if match_ip{$sender_host_address}{ \
    1.2.3.4: \
    7.8.9.10 \
    }}
  domains = thisdomain.com
  route_data = exchange.thisdomain.com
  host_find_failed = ignore
  same_domain_copy_routing = yes
  transport = remote_smtp_smarthost
  no_more

# Server tasks need to be able to mail out. Relay to correct mail server/gateway
smarthost_servertask:
  debug_print = "R: smarthost routing for server scheduled tasks"
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp_smarthost
  route_list = \
    thisdomain.com exchange.thisdomain.com ; \
    *.gsx.gov.uk securenet1.thisdomain.com ; \
    "mailgateway1.thisdomain.com:+:mailgateway2.thisdomain.com"
  host_find_failed = ignore
  same_domain_copy_routing = yes
  no_more
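
Added example, not part of the original message and not Exim's own documentation text: the deny from acl_check_rcpt written two ways, showing the brace layout the "each subcondition ... must be in its own {}" error refers to. The file path and domain are the ones quoted in the post; the message text is constructed for illustration.

```exim
# Form 1: keep the expansion condition.
# "and" takes ONE brace-delimited list, and every subcondition sits in its
# own {} inside that list:   and { {cond1} {cond2} }
# The version in the post had no outer pair, so {match_ip...} was read as
# the list itself and its contents were not wrapped in their own braces.
deny
  message   = relaying to external domains is not permitted from this host
  condition = ${if and { \
                {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}} \
                {match_domain{$domain}{! thisdomain.com}} \
              }}

# Form 2: use the native ACL conditions instead of string expansion.
# Conditions in one ACL statement are tested in order and all must match,
# so this denies only when the sending host is in the file AND the
# recipient domain is anything other than thisdomain.com.
deny
  message = relaying to external domains is not permitted from this host
  hosts   = net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox
  domains = ! thisdomain.com
```

Either form can be checked without sending mail by running an address test session with exim -bh and a sender IP from the file, then issuing RCPT TO for a local and an external domain.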