Hi, Sebastien -

You've not told us what domains are in the named lists, which makes it difficult to diagnose. However my hunch is that in the second router the problem might be you're using

    domains = +relay_to_domains

which selects this router when the recipient's domain appears in your *relay_to_domains* named list. I suspect you might mean

    hosts = +relay_from_hosts

instead? (You say you want to allow relaying from hosts named in relay_from_hosts but then don't use that named list in your router!)

The above will select this router when the IP address of the system connecting to your server is listed in the *relay_from_hosts* list and seems to match what you describe as trying to achieve.

By the way, if you're looking to reject messages not matching your criteria I'd personally be doing this with ACLs rather than routers. To me ACLs control *whether* to accept or reject a message, and routers *how* to route them and to where after you've decided to accept them. (Although of course routers can reject messages if need be but must do so explicitly.)

For example your first router won't reject messages arriving for "@domain.ca" recipient addresses other than <[email protected]> and <[email protected]> but merely decline to handle them, passing them on to later routers. If none of them handle the message you'll get the rather poor generic "failed to route message" (sic) rejection response.

I'd probably look at something like this (untested!) fragment in the rcpt ACL:

    # Accept mail originating from internal client systems to any recipient anywhere.
    # (This includes to any local part for domains listed in relay_to_domains.)
    accept  hosts = +relay_from_hosts

    # Accept mail from anywhere if it's to "operateurs" or "backups" in any of the domains we relay onward to.
    accept  local_parts = operateurs : backup
            domains = +relay_to_domains

    # Reject messages from anywhere to any other recipient in any of the domains we relay onward to.
    deny    message = Invalid recipient mailbox
            domains = +relay_to_domains

*Caution:* The above ACLs would need testing and looking at in the context of your other ACLs to sort out their ordering and positioning. Make sure you don't open your service up to unauthorised relaying, especially from external clients!

Your routers can then concentrate on the routing of the delivery and selecting the transport.

Finally, if this domain is one that sends email out remember you should also accept mail to the "postmaster" and "abuse" addresses as well so that someone can monitor them.

Cheers,
Mike B-)

On 17 February 2016 at 20:47, <[email protected]> wrote:

> Hi all,
>
> 1. I want to allow emails from external to internal with a dest
> [email protected] and [email protected] ONLY.
>
> 2. I want to allow host listed in relay_from_hosts to use this server
> to relay any emails internally or externally.
>
> My smarthost routes : http://pastebin.com/kaMZWDaA
>
> The first smarthost route works perfectly.
>
> The second works perfectly too but it allows anyone to use this relay host
> if he sends an email with [email protected] as destination address.
>
> Can anyone give me a clue how to build a good acl for that ?
>
> Thank you very much for your answer and your time.
>
> Sébastien
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811
Web: www.york.ac.uk/it-services
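A small model of how the three rcpt ACL statements in the reply above are evaluated in order, as an added example that is not part of the original post and is not Exim code. The network 192.0.2.0/24, the domain example.ca, the client addresses and all function names are constructed assumptions standing in for the real named lists, and the model covers only these three statements, not the rest of a real configuration.

```python
import ipaddress

# Constructed stand-ins for the named lists (assumptions, not from the thread).
RELAY_FROM_HOSTS = [ipaddress.ip_network("192.0.2.0/24")]
RELAY_TO_DOMAINS = {"example.ca"}
ALLOWED_LOCAL_PARTS = {"operateurs", "backup"}


def from_relay_host(ip, local_part, domain):
    return any(ipaddress.ip_address(ip) in net for net in RELAY_FROM_HOSTS)


def to_relay_domain(ip, local_part, domain):
    return domain in RELAY_TO_DOMAINS


def to_allowed_mailbox(ip, local_part, domain):
    return local_part in ALLOWED_LOCAL_PARTS


# The three statements in the order given above. A statement applies only
# when every one of its conditions matches; the first that applies decides.
RCPT_ACL = [
    ("accept", [from_relay_host]),
    ("accept", [to_allowed_mailbox, to_relay_domain]),
    ("deny", [to_relay_domain]),
]


def rcpt_decision(client_ip, recipient, acl=RCPT_ACL):
    # Simplification: the whole address is lower-cased before matching.
    local_part, _, domain = recipient.lower().rpartition("@")
    for verb, conditions in acl:
        if all(cond(client_ip, local_part, domain) for cond in conditions):
            return verb
    return "deny (end of ACL)"  # nothing matched: Exim denies by default


def relay_matrix(acl=RCPT_ACL):
    """Decisions for constructed internal/external clients and recipients."""
    clients = {"internal": "192.0.2.10", "external": "203.0.113.5"}
    recipients = ["operateurs@example.ca", "someone@example.ca",
                  "victim@elsewhere.example"]
    return {(name, rcpt): rcpt_decision(ip, rcpt, acl)
            for name, ip in clients.items() for rcpt in recipients}


if __name__ == "__main__":
    for (client, rcpt), verdict in relay_matrix().items():
        print(f"{client:8} -> {rcpt:26} {verdict}")
```

The row to watch is an external client sending to a domain outside relay_to_domains: it must never come back as accept. Passing a reordered list as `acl` shows why the ordering caution matters, since placing the deny statement ahead of the mailbox accept rejects the two permitted addresses as well.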
