We're outsourcing some of our domains to a commercial house and now we'd
like to be able to accept mail to those domains but only if that mail is
relayed by the new provider. I don't know that I've seen any such config
before but here's the logical view of it in tortured access_db speak:

To:mytestdomain.com but only if relay==postini OK

Anyone have an idea?

dp

dp wrote:
> We're outsourcing some of our domains to a commercial house and now we'd
> like to be able to accept mail to those domains but only if that mail is
> relayed by the new provider. I don't know that I've seen any such config
> before but here's the logical view of it in tortured access_db speak:

> To:mytestdomain.com but only if relay==postini OK

> Anyone have an idea?

In exim, you could use something like

acl_check_rcpt:
accept domains = mytestdomain.com
hosts = postini
deny message = relay not permitted

Yet another reason to migrate from sendmail.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 [at] fidonet http://vas.tomsk.ru/

On Mon, 27 Aug 2007 19:12:51 -0700, dp <dp [at] urflink.net> wrote:

>We're outsourcing some of our domains to a commercial house and now we'd
>like to be able to accept mail to those domains but only if that mail is
>relayed by the new provider. I don't know that I've seen any such config
>before but here's the logical view of it in tortured access_db speak:
>
>To:mytestdomain.com but only if relay==postini OK

Well, if postini is some trusted relay, you can expressly accept mail
from it (note that this will accept all mail from it, not just stuff
for your specific domain - but this doesn't allow them to RELAY
thorugh your host, only mail to locally handled domains):

Connect:ip_address OK

then otherwise deny mail to the domain:

To:somedomain.tld REJECT


(a similar technique is used to safeguard listname-out aliases from
access by external users - expressly OK the localhost, then otherwise
refuse mail to the address - by allowing the host to mail, it doesn't
run afoul of the block on the address)

Victor Sudakov wrote:
> dp wrote:
>> We're outsourcing some of our domains to a commercial house and now we'd
>> like to be able to accept mail to those domains but only if that mail is
>> relayed by the new provider. I don't know that I've seen any such config
>> before but here's the logical view of it in tortured access_db speak:
>
>> To:mytestdomain.com but only if relay==postini OK
>
>> Anyone have an idea?
>
> In exim, you could use something like
>
> acl_check_rcpt:
> accept domains = mytestdomain.com
> hosts = postini
> deny message = relay not permitted
>
> Yet another reason to migrate from sendmail.
>

When pigs fly out of my ass.

dp

On 8/27/2007 9:12 PM, dp wrote:
> We're outsourcing some of our domains to a commercial house and now
> we'd like to be able to accept mail to those domains but only if that
> mail is relayed by the new provider. I don't know that I've seen any
> such config before but here's the logical view of it in tortured
> access_db speak:
>
> To:mytestdomain.com but only if relay==postini OK
>
> Anyone have an idea?

You might try some derivative of "Protected Recipients" where you would
consider the out sourced party an internal sender. Just a thought.



Grant. . . .

dp wrote:
> >> We're outsourcing some of our domains to a commercial house and now we'd
> >> like to be able to accept mail to those domains but only if that mail is
> >> relayed by the new provider. I don't know that I've seen any such config
> >> before but here's the logical view of it in tortured access_db speak:
> >
> >> To:mytestdomain.com but only if relay==postini OK
> >
> >> Anyone have an idea?
> >
> > In exim, you could use something like
> >
> > acl_check_rcpt:
> > accept domains = mytestdomain.com
> > hosts = postini
> > deny message = relay not permitted
> >
> > Yet another reason to migrate from sendmail.
> >

> When pigs fly out of my ass.

I respect your right to be a masochist.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 [at] fidonet http://vas.tomsk.ru/

dp wrote:
> Victor Sudakov wrote:
>> dp wrote:
>>> We're outsourcing some of our domains to a commercial house and now
>>> we'd like to be able to accept mail to those domains but only if that
>>> mail is relayed by the new provider. I don't know that I've seen any
>>> such config before but here's the logical view of it in tortured
>>> access_db speak:
>>
>>> To:mytestdomain.com but only if relay==postini OK
>>
>>> Anyone have an idea?
>>
>> In exim, you could use something like
>>
>> acl_check_rcpt:
>> accept domains = mytestdomain.com
>> hosts = postini
>> deny message = relay not permitted
>>

Something like...

LOCAL_RULESETS
SLocal_check_rcpt
R$*< [at] mytestdomain.com.> $: $1 $| $>Check_postini $&{client_name}
R$* $| $# $* $# $2
R$* $| $* $1

SCheck_postini
R$*postini$* $ [at] OK
R$* $#error $ [at] 5.7.1 $: "550 Relaying denied. Should come via postini
" $&{client_name}