
Re: exim router configuration



On Wed, Aug 21, 2002 at 11:53:52AM +0300, Noah K Sematimba wrote:
> I currently have:
> 
> accept hosts = +relay_from_hosts
>        sender_domains = +source_domains
> 
> This restriction is working very well and a lot of spam has actually been
> dropped.
> 
> Is there a way to also add particular users to be able to send through the
> mail server. i.e. I may not want every user on a particular domain to be
> able to send through my mail server but only particular users. In this
> case I have a user whose e-mail is hosted with another ISP however he gets
> his link and relays his mail through me. So I would not like to enable
> every user on that ISP's domain to relay through my server even though
> they come from my network but only this particular user/users.

In other words, you want to allow MAIL FROM:<foo@hotmail.com> but not
MAIL FROM:<anythingelse@hotmail.com> ?

Take a closer read of the documentation section on 'ACL conditions',
http://www.exim.org/exim-html-4.00/doc/html/spec_37.html#SECT37.9
The condition 'sender' lets you test the entire sender address, not just the
domain.

Try something like this (not tested so you may need to fiddle with it):

  accept hosts   = +relay_from_hosts
         senders = : lsearch*@;/usr/local/etc/exim/senders

where this file can contain "foo@hotmail.com" or "*@example.com"
The extra colon is to allow null (empty) senders, i.e. allow bounces
to be relayed. Using the lsearch*@ means that if foo@bar is not found in
this file, it automatically retries looking for *@bar. Hence this file can
replace your source_domains functionality as well.

If this list gets big, turn it into a dbm file for efficiency.

Note that you can use 'exim -bh 1.2.3.4' to fake an SMTP session from
1.2.3.4, which gives an easy way for testing your SMTP ACLs.

> As for the routers I settled for this.
> 
> smtp_paths
>           driver = manualroute
>           transport = remote_smtp
>           domains = lsearch;/usr/local/etc/exim/transport
>           route_data = x.x.x.x
> 
> How would I be able to change this to having the route data also read from
> the transport file as well for example have the file looking like:
> 
> domain.net:	w.x.y.z
> 
> 
> where domain.net is the domain being routed and w.x.y.z is the particular
> ip address the mail is being delivered to.

Something like this:

smtp_paths:
    driver = manualroute
    route_data = ${lookup{$domain}lsearch{/usr/local/etc/exim/transport}}
    transport = remote_smtp

which is the same as the example for route_data given in section 19.1 of the
exim manual, or the example "through_firewall:" in section 19.6

(Yes, it's all in the manual. Yes, it's a big manual - but it pays to learn
your way around it).

This router will be tried for all domains, but if the route_data lookup
fails, or gives an empty string, the router will 'decline' and so exim will
move onto the next router.

In fact, with exim 4.10, you can also override the transport in this file
(see section 19.5): i.e.

    domain.net    w.x.y.z       remote_smtp
    example.com   sparky.uucp   uucp

which gives you a feature very much like the 'mailertable' of sendmail,
except you can use any lookup type (dbm, ldap, mysql etc) to hold this data.

HTH,

Brian.

-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org
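
Added example, not part of the message above and not Exim's own code: a Python model of the key sequence an `lsearch*@` lookup in an address list tries, following the Exim specification's description of `*@` defaults (full address, then `*@domain`, then `*`), with a small audit of which file entries widen relay access. The file contents and function names are constructed for illustration, and key parsing is simplified.

```python
import re

# Constructed sample of a senders file; the entries are the ones the message mentions.
SAMPLE_SENDERS = """\
# relay allow-list, one key per line
foo@hotmail.com
*@example.com
"""

def load_keys(text):
    """Return the lsearch keys: first token of each non-comment, non-continuation line."""
    keys = set()
    for line in text.splitlines():
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        # Simplification: a key ends at whitespace or a colon (quoted keys not handled).
        keys.add(re.split(r"[\s:]", line, maxsplit=1)[0].lower())
    return keys

def keys_tried(sender):
    """Keys an lsearch*@ lookup tries, in order, for one sender address."""
    sender = sender.lower()  # compared caselessly in this model
    tried = [sender]
    if "@" in sender:
        tried.append("*@" + sender.rsplit("@", 1)[1])
    tried.append("*")  # final default: a '*' line would match every sender
    return tried

def sender_allowed(sender, keys):
    """Model the address list ': lsearch*@;file' for one envelope sender."""
    if sender == "":
        return True  # the empty first list item matches the null sender (bounces)
    return any(key in keys for key in keys_tried(sender))

def audit(keys):
    """List entries that allow more than a single address to relay."""
    findings = ["'*' matches every sender"] if "*" in keys else []
    findings += [f"{k} allows the whole domain" for k in sorted(keys) if k.startswith("*@")]
    return findings

if __name__ == "__main__":
    keys = load_keys(SAMPLE_SENDERS)
    for s in ["foo@hotmail.com", "anythingelse@hotmail.com", "bob@example.com", ""]:
        print(repr(s), keys_tried(s) if s else ["<null sender>"], sender_allowed(s, keys))
    print(audit(keys))
```

The model only covers the `senders` item; the `hosts = +relay_from_hosts` condition still has to match before the sender list is consulted.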