Rafael Wolf via Exim-users <exim-users@???> (Mo 29 Apr 2019 19:26:59 CEST):
> Hi All,
> from all domains.
>
> Example:
>
> *@customer.com > Subject: encrypt > forward to the Cuda smart host
> that will handle encryption based on subject
>
> *@customer.com > Subject: anything else here > goes out the door from
> the CPanel server
>
> I'm not quite sure after looking at forums, etc how to do this. I
> know I need to use a "router" function but how to lock it down to
> individual domain names for outbound filtering I'm just not certain
> and I can't figure out what I should do or where.
In Exim routers use the destination address for their routing decision
(as Layer 3 does). They can be forced to route based on other
information (e.g. the sender's domain). But the cleaner way is to have
another layer of decisions: pre-conditions. Exim router pre-conditions
help selecting the right router (comparable with ip rules in Linux).
A well known pre-condition is "domains", as used in most setups.
But there are more. For your issue I'd use the "senders" pre-condition
and the generic "condition" pre-condition:
A rough outline, w/o any tests applied, so it is up to you, to check if
this would work for you.
begin routers
encrypt:
# pre-conditions
senders = *@customer.com
condition = ${if match{$h_subject:}{^encrypt}}
# if the pre-conditions are met:
driver = manualroute
route_data = <the smart host of your encryption provider>
transport = smtp
<and now all your other routers>
I reordered the configuration lines slightly, to point out the "pre".
Ah, beware: If your ACL do a routing check (as normally the RCPT ACL
does), *this* router won't be used, as during the RCPT ACL phase the
subject is not yet known.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
