Hello,

After having looked on the web and on this list's archive for similar cases, 
and not having found a solution, I am writing this hoping for some help or 
indication on how to create the following behaviour with Exim.

Test case environment:

A server with Exim as MTA, serving different domains (in our case, the server 
is running CentOS 5.6; I am not sure if this is important or not)

Behaviour we are pursuing with Exim, only for a particular domain:

Among all the domains that are served regularly, a given domain, and only that 
domain, needs to follow an internal messaging system policy, i.e.:

- No emails can be sent to, nor received from, any other domains, hosted on the 
same server or elsewhere.
- Emails regarding that domain are accepted only if sent to, or received from, 
that particular domain itself.

In other words:

For a given test domain, mydomain.com, and only for messages related to that 
domain:

1) if any Recipient does not contain "mydomain.com", Fail with message 
"rejected"
2) if From does not contain "mydomain.com", Fail with message "rejected"

This is what I tried:

I created the following Exim filter, /etc/vfilters/mydomain.com:

<code>
# Exim filter

# Standard guard: on a redelivery attempt, do nothing for error (bounce) messages
if not first_delivery and error_message then finish endif

# Recipients are not mydomain.com
if
  foranyaddress $h_to:,$h_cc:,$h_bcc: ( $thisaddress does not contain "mydomain.com" )
then
  fail "Message rejected."
endif

# From is not mydomain.com
if
  $header_from: does not contain "mydomain.com"
then
  fail "Message rejected."
endif
</code>

Unfortunately, the filter does not work as expected.

Emails sent from other domains (on or off the server) are indeed rejected with 
the message.

But when an email is sent from [email protected] to an address on another 
domain (on or off the server), that email is regularly delivered, and not 
failed, as the intended behaviour and the filter would require.

This is the related content of /var/log/exim_mainlog when trying to send to 
another domain ([email protected] is in place of the real address I used):

<code>
> tail -f /var/log/exim_mainlog

2011-06-08 13:48:09 H=localhost (208.86.00.00) [127.0.0.1] Warning: Sender rate 2.6 / 1h
2011-06-08 13:48:09 1QUMrR-00016N-Na <= [email protected] H=localhost (208.86.00.00) [127.0.0.1] P=esmtpa A=dovecot_login:[email protected] S=544 [email protected] T="test"
2011-06-08 13:48:09 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1QUMrR-00016N-Na
2011-06-08 13:49:42 1QUMrR-00016N-Na => [email protected] R=lookuphost T=remote_smtp H=mail.server.org [208.116.00.00] X=TLSv1:DES-CBC3-SHA:168
2011-06-08 13:49:42 1QUMrR-00016N-Na Completed
</code>

Unfortunately, it seems that this is a limitation in Exim for outgoing 
messages, which is why the only way we could find so far upon investigating at 
the Exim site was to use the global router method (thanks to Tristan for this 
suggestion).

<code>
check_outgoing:
  driver = redirect
  # any recipient domain that is not local to this server
  domains = ! +local_domains
  # skip the empty (bounce) sender, and skip senders listed in /etc/permitsend
  senders = ! : ! lsearch;/etc/permitsend
  allow_fail
  data = :fail: you are not allowed to send outside
</code>

<code>
touch /etc/permitsend
echo "[email protected]" >> /etc/permitsend
</code>

This would add [email protected] to /etc/permitsend file and let that one 
account send to anyone. All other email accounts on every domain on the machine 
would be restricted to only send locally.

The problem is, using a global router would only allow permitted senders to 
send emails from the machine and anyone else would only be able to send locally.

But, unfortunately, that includes all the domains served from the same server, 
not respecting the intended behaviour.

Basically, using the global router method, everything works as it should, but 
allowed senders can send to other domains on the same machine as well, thus 
invalidating that rule we need to enforce.

To summarize the requested behaviour:

a given domain needs to be used only with an internal messaging system policy: 
no emails can be sent to, nor received from, any other domains, hosted on the 
same server or elsewhere. Emails regarding that domain are accepted only if 
sent to, or received from, that particular domain itself.

I would be very grateful if anyone could suggest a working solution.

Thank you in advance,

Priyadarshan



-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
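As an added example (not part of the post above, and not the list's or Exim's own configuration), the router method from the post can be narrowed to the single domain by writing two redirect routers keyed on both the sender and the recipient domain, instead of one global router with a permit list. Router names are hypothetical; mydomain.com is the test domain from the post. Because routers are consulted for every recipient address, the outbound rule also catches a recipient on another domain hosted on the same server, which is the gap the post describes. Both routers must be listed before the normal routers in the "begin routers" section so they are tried first.

```exim
# Added example, not from the original post. Router names are hypothetical.
# Place both routers at the top of the "begin routers" section.

# Mail FROM a mydomain.com sender TO any other domain (another local domain on
# this server, or a remote one) is failed with a permanent error.
internal_only_outbound:
  driver = redirect
  domains = ! mydomain.com
  senders = *@mydomain.com
  allow_fail
  data = :fail: mydomain.com is an internal-only domain, recipients outside it are not allowed

# Mail TO a mydomain.com recipient FROM any sender outside mydomain.com is failed.
# The empty (bounce) sender does not match *@mydomain.com, so bounces from
# elsewhere are rejected as well, which the stated policy requires.
internal_only_inbound:
  driver = redirect
  domains = mydomain.com
  senders = ! *@mydomain.com
  allow_fail
  data = :fail: mydomain.com accepts mail only from mydomain.com senders
```

Routing can be checked without sending anything, using Exim's address-testing mode with an explicit sender: `exim -bt -f user@mydomain.com someone@otherdomain.example` should report the address as failed by internal_only_outbound, while `exim -bt -f user@mydomain.com other@mydomain.com` should pass through to the normal local delivery router. The rejection text after `:fail:` ends up in the bounce the sender receives, so it should state the policy rather than internal detail.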