• Gandalf Corvotempesta via Exim-users [2023-10-27 08:40]:
Il gio 26 ott 2023, 21:22 Kirill Miazine via Exim-users <
[email protected]> ha scritto:
Maybe you could solve the task at a lower level, e.g. use operating
system's networking facilities e.g. to redirect connections to port 25
on those specific IP addresses to the smarthost, or better have some VPN
between GCP and AWS and route packets via the AWS instance (which would
have to make sure to use NAT on packets coming from GCP).
Could that work?
i can , and would be much easier, but this would "break" logging and
debugging i think
exim will log an email sent to IP 1.2.3.4 (the real one) but thank to
iptables, the email is sent to a different host.
It works, but in 2 days we'll forget this thing and we'll start to
troubleshoot why an email sent to and accepted by 1.2.3.4 is not delivered,
forgetting that the email could be stuck in our external "proxy"
even an exim -bt [email protected] will not produce a useful output
Better to handle the routing inside exim, but in going crazy with the
conditions....
i've already set a condition with ${if forany.....} to trigger if any of
the the ip in the list are inside a file, but with ipv6 it doesn't work at
all, the list seems to be always empty
Have you considered using the dnslists ACL condition and set an
appropriate ACL message variable to check in a router? There's an
example at the end of section 30 for how to query dnslists for multiple
explicit keys at the same time:
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECTmulkeyfor
The countries.nerd.dk zone contains two-letter ISO 3166 country-code
subdomains you can use to determine whether an IP is from that
particular country.
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
