Some of you may remember me writing a couple of months ago about how I could relay mail through more than one smart host. I was pointed at chapter 20 of the manual, which I read and understood at the time - although I''ll need to re-read it now. ;-)) The thing is we have now got rid of one of our anti-spam/anti-virus services and only have the one remaining. So whats the fly in the ointment? Well, not every domain we host has signed up for the anti-spam service. So whilst I''m fine for incoming mail - (just set the MX records to point to the service and then program that to forward the mail to our server) - mail emanating from our server cannot all be forwarded by their outgoing systems. So what I need is a way, if possible, of saying, if mail is *from* these domains, then go via the smarthosts, otherwise, just do normal MX lookup as normal. I know MTA''s aren''t particularly good at this - but their might be a directive I can use. (one lives in hope). Regards Neil
On Fri, Jul 14, 2006 at 11:13:00PM +0100, Neil Briscoe wrote:> So what I need is a way, if possible, of saying, if mail is *from* these > domains, then go via the smarthosts, otherwise, just do normal MX lookup > as normal.Have both smarthost and dnslookup routers, smarthost first, with an appropriate condition (senders?) to only handle messages with a the appropriate sender. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
A helpful response, thankyou. This is the router I''ve concocted on paper. smart_route: driver = manualroute transport = remote_smtp senders = +ems_domains route_list = !+local_domains post8a:post8b What this router is meant to do is send mail via post8a when its being delivered to any non-local domains (or post8b if it can''t talk to post 8a) - if the sender''s address is from a domain in the ems_domains domainlist. Not wanting to break a live system (because I will get phone calls, even on a Saturday), can you confirm, or otherwise, that that is infact what it will do? Regards Neil
On Saturday 15 July 2006 12:25, Neil Briscoe took the opportunity to write:> A helpful response, thankyou. > > This is the router I''ve concocted on paper. > > smart_route: > driver = manualroute > transport = remote_smtp > senders = +ems_domains > route_list = !+local_domains post8a:post8bThis is prettier: smart_route: driver = manualroute transport = remote_smtp domains = !+local_domains senders = +ems_domains route_list = * post8a:post8b But there are issues still. 1. senders needs an address list, not a domain list. You can use condition = ${if match_domain {$sender_address_domain}{+ems_domains}} instead of the senders condition. 2. Can users forward mail? In that case you might want to base the routing decision on who forwarded it. One way is through $parent_domain. 3. Can users, by authenticated SMTP or otherwise, send mail with arbitrary sender addresses? In that case you''ll want to base the routing decision on something other than $sender_address_domain. One way is through $authenticated_id. Assuming that usernames include the domain, that locally-submitted messages can be trusted to have the correct sender address (if you have a webmail system or similar that allows the users to use arbitrary sender addresses you need something more) and that you don''t receive mail with SMTP from localhost, here is a suggestion: condition = ${if match_domain {${if !def:sender_host_address {$sender_address_domain} {${if def:parent_domain {$parent_domain} {${domain:$authenticated_id}}}}}} {+ems_domains}} A probably better and more readable solution would involve an ACL variable in combination with $parent_domain. -- Magnus Holmgren holmgren@lysator.liu.se (No Cc of list mail needed, thanks) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20060715/2310e425/attachment.pgp
On 2006-07-15 Magnus Holmgren <holmgren@lysator.liu.se> wrote:> On Saturday 15 July 2006 12:25, Neil Briscoe took the opportunity to write: > > A helpful response, thankyou. > > > > This is the router I''ve concocted on paper. > > > > smart_route: > > driver = manualroute > > transport = remote_smtp > > senders = +ems_domains > > route_list = !+local_domains post8a:post8b> This is prettier:> smart_route: > driver = manualroute > transport = remote_smtp > domains = !+local_domains > senders = +ems_domains > route_list = * post8a:post8b> But there are issues still.> 1. senders needs an address list, not a domain list. You can use> condition = ${if match_domain {$sender_address_domain}{+ems_domains}}> instead of the senders condition.I almost sent a mail claiming that the original senders = +ems_domains needs to be changed, too. However rereading http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch10.html#SECTaddresslist stopped me: | If a non-empty pattern that is not a regular expression or a lookup | does not contain an @ character, it is matched against the domain part | of the subject address. The only two formats that are recognized this | way are a literal domain, or a domain pattern that starts with *. In | both these cases, the effect is the same as if *@ preceded the | pattern. For example: | | deny senders = enemy.domain : *.enemy.domain I''d use senders = *@+ems_domains anyway. cu andreas -- The ''Galactic Cleaning'' policy undertaken by Emperor Zhark is a personal vision of the emperor''s, and its inclusion in this work does not constitute tacit approval by the author or the publisher for any such projects, howsoever undertaken. (c) Jasper Ffforde
Thankyou to both of you for your comments. I''ll use *@+ems_domains and see if that works nicely. I''ll keep those conditions (for which my thanks, points noted) should the first cut not quite work. Regards Neil
Just to let you all know - it works a treat. Mail from users within ems_domains listed domains is now routed via the smart_route: router, any other external mail is routed via the dnslookup: router which is exactly what I wanted. Thankyou very much for your help. Regards Neil