Mailing List Archive

Shared Hosting + Specific Domain outbound filter
Hi All,

I have a CPanel server that uses Exim as it's MTA.
I have multiple domain names on this server all using email.

My customer has signed up for an email encryption service from
Barracuda so I now need to make / create an outbound filter but it
needs to be specific from that one sending domain and not globally
from all domains.

Example:

*@customer.com > Subject: encrypt > forward to the Cuda smart host
that will handle encryption based on subject

*@customer.com > Subject: anything else here > goes out the door from
the CPanel server

*@othercustomers > Subject: anything here too including "encrypt" >
goes out the door from CPanel server like it always has

I'm not quite sure after looking at forums, etc how to do this. I
know I need to use a "router" function but how to lock it down to
individual domain names for outbound filtering I'm just not certain
and I can't figure out what I should do or where.

Any help or guidance would be much appreciated.

Thanks!

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Shared Hosting + Specific Domain outbound filter [ In reply to ]
Rafael Wolf via Exim-users <exim-users@exim.org> (Mo 29 Apr 2019 19:26:59 CEST):
> Hi All,
> from all domains.
>
> Example:
>
> *@customer.com > Subject: encrypt > forward to the Cuda smart host
> that will handle encryption based on subject
>
> *@customer.com > Subject: anything else here > goes out the door from
> the CPanel server
>
> I'm not quite sure after looking at forums, etc how to do this. I
> know I need to use a "router" function but how to lock it down to
> individual domain names for outbound filtering I'm just not certain
> and I can't figure out what I should do or where.

In Exim routers use the destination address for their routing decision
(as Layer 3 does). They can be forced to route based on other
information (e.g. the sender's domain). But the cleaner way is to have
another layer of decisions: pre-conditions. Exim router pre-conditions
help selecting the right router (comparable with ip rules in Linux).

A well known pre-condition is "domains", as used in most setups.
But there are more. For your issue I'd use the "senders" pre-condition
and the generic "condition" pre-condition:

A rough outline, w/o any tests applied, so it is up to you, to check if
this would work for you.


begin routers

encrypt:
# pre-conditions
senders = *@customer.com
condition = ${if match{$h_subject:}{^encrypt}}
# if the pre-conditions are met:
driver = manualroute
route_data = <the smart host of your encryption provider>
transport = smtp

<and now all your other routers>

I reordered the configuration lines slightly, to point out the "pre".

Ah, beware: If your ACL do a routing check (as normally the RCPT ACL
does), *this* router won't be used, as during the RCPT ACL phase the
subject is not yet known.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -