[exim] Re: Routing based on *recipient* IP address

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Kirill Miazine
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: [exim] Re: Routing based on *recipient* IP address
• Gandalf Corvotempesta via Exim-users [2023-10-27 08:40]:
> Il gio 26 ott 2023, 21:22 Kirill Miazine via Exim-users <
> exim-users@???> ha scritto:
>
>> Maybe you could solve the task at a lower level, e.g. use operating
>> system's networking facilities e.g. to redirect connections to port 25
>> on those specific IP addresses to the smarthost, or better have some VPN
>> between GCP and AWS and route packets via the AWS instance (which would
>> have to make sure to use NAT on packets coming from GCP).
>>
>> Could that work?
>>
>
> i can , and would be much easier, but this would "break" logging and
> debugging i think
> exim will log an email sent to IP 1.2.3.4 (the real one) but thank to
> iptables, the email is sent to a different host.
>
> It works, but in 2 days we'll forget this thing and we'll start to
> troubleshoot why an email sent to and accepted by 1.2.3.4 is not delivered,
> forgetting that the email could be stuck in our external "proxy"
>
> even an exim -bt ffff@??? will not produce a useful output
>
> Better to handle the routing inside exim, but in going crazy with the
> conditions....
>
> i've already set a condition with ${if forany.....} to trigger if any of
> the the ip in the list are inside a file, but with ipv6 it doesn't work at
> all, the list seems to be always empty


Have you considered using the dnslists ACL condition and set an
appropriate ACL message variable to check in a router? There's an
example at the end of section 30 for how to query dnslists for multiple
explicit keys at the same time:

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECTmulkeyfor

The countries.nerd.dk zone contains two-letter ISO 3166 country-code
subdomains you can use to determine whether an IP is from that
particular country.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/