Configuring rules of routing mail traffic from an Exim server

These instructions apply to the mail transfer agent Exim 4 with separate configuration files. If all Exim settings are stored in a single configuration file in your organization, you must add the specified lines to that file. For more information about configuring Exim, see exim.org.

Before you configure mail traffic routing rules, add a source for filtering mail traffic.

To configure rules of routing mail traffic from an Exim server:
Create the remote_smtp_check transport, which sends mail traffic from the Exim server to PT MS for checking. To do so, create the file /etc/exim4/conf.d/transport/45_exim4-config_remote_smtp_check and add the following lines to it:
remote_smtp_check:
  driver = smtp
  port = <port for receiving mail on PT MS SMTP server>
  delay_after_cutoff = false
If messages with large attachments (hundreds of megabytes) are allowed in your organization, you can prevent the Exim server from terminating SMTP sessions due to lengthy checks of such messages by PT MS. To do so, increase the SMTP session time-outs by adding the following lines to the remote_smtp_check section:
  command_timeout = 25m
  final_timeout = 30m
Save the 45_exim4-config_remote_smtp_check file.
Configure the new mail traffic routing rule. To do so, create the file /etc/exim4/conf.d/router/050_exim4-config_ptms and add the following lines to it:
send_to_check:
  driver = manualroute
  condition = ${if eq {$interface_port}{<port for receiving checked messages>}{no}{yes}}
  transport = remote_smtp_check
  route_list = * <PT MS IP address>
  address_test = false
The added send_to_check routing rule must have the highest possible priority. To verify this, make sure that in the directory /etc/exim4/conf.d/router the 050_exim4-config_scanner file comes immediately after the 00_exim4-config_header file alphabetically.
Save the 050_exim4-config_ptms file.
Add an access control list (ACL) to limit access to the entry point for checked mail. To do so, create the file /etc/exim4/conf.d/acl/25_exim4-config_check_host and add the following lines to it:
acl_check_host:
  deny
    message = Untrusted sender host
    condition = ${if eq {$interface_port}{<port for receiving checked messages>}{yes}{no}}
    condition = ${if match_ip{$sender_host_address}{<PT MS IP address>}{no}{yes}}
  accept
On the port for receiving checked messages, the Exim server will reject mail received from sources other than PT MS.
Save the 25_exim4-config_check_host file.
Link the created access control list to the configuration. To do so, create the file /etc/exim4/conf.d/main/02_exim4-config_acl_pre_options and add the following line to it:
acl_smtp_connect = acl_check_host
If you also want to change the maximum message size, add the following line:
MESSAGE_SIZE_LIMIT = "<maximum message size in MB>M"
Save the 02_exim4-config_acl_pre_options file.
Open the file /etc/exim4/update-exim4.conf.conf:
sudo nano /etc/exim4/update-exim4.conf.conf
Configure the checked mail entry point by adding the following line to the file:
dc_local_interfaces='0.0.0.0 ; <IP address of server for receiving checked mail>.<port for receiving checked mail>'
Add the PT MS IP address to the list of networks from which email message forwarding is allowed by adding the following line to the file:
dc_relay_nets='<PT MS IP address>'
This line enables PT MS to send notifications to recipients in domains not serviced by the Exim mail server.
Save the update-exim4.conf.conf file.
Generate the Exim mail server runtime configuration file:
sudo update-exim4.conf
To apply the new settings, restart Exim:
sudo service exim4 restart
The rules of routing mail traffic from an Exim server are now configured.
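The priority requirement for the send_to_check router can be checked with a script instead of by eye. The following is an added example, not part of the vendor procedure; the function names and the sample directory are hypothetical. It assumes that the files in /etc/exim4/conf.d/router are read in byte sort order and that each router starts with an unindented "name:" line.

```shell
#!/bin/sh
# Added example (not vendor code). Exim runs routers in the order they are
# defined, so the first router found when the split-config files are read in
# sorted order is the one with the highest priority.

# first_router DIR: print the name of the first router defined in DIR.
# Assumption: byte (LC_ALL=C) sort order; a router starts with "name:".
first_router() {
    ls -1 "$1" | LC_ALL=C sort | while IFS= read -r f; do
        name=$(awk '/^[A-Za-z0-9_]+:[ \t]*$/ { sub(/:.*/, ""); print; exit }' "$1/$f")
        if [ -n "$name" ]; then
            printf '%s\n' "$name"
            break
        fi
    done
}

# follows_header DIR HEADER FILE: succeed if FILE sorts directly after HEADER.
follows_header() {
    next=$(ls -1 "$1" | LC_ALL=C sort |
        awk -v h="$2" 'seen { print; exit } $0 == h { seen = 1 }')
    [ "$next" = "$3" ]
}

# check_router_priority DIR FILE: succeed only if FILE comes right after the
# header file and send_to_check is the first router Exim will evaluate.
check_router_priority() {
    follows_header "$1" 00_exim4-config_header "$2" || return 1
    [ "$(first_router "$1")" = send_to_check ]
}

# make_sample FILE: build a constructed router directory for an offline demo,
# with the send_to_check router stored in FILE; prints the directory path.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'begin routers' > "$d/00_exim4-config_header"
    printf '%s\n' 'send_to_check:' '  driver = manualroute' > "$d/$1"
    printf '%s\n' 'dnslookup:' '  driver = dnslookup' > "$d/200_exim4-config_primary"
    printf '%s\n' "$d"
}
```

On a real server, call check_router_priority /etc/exim4/conf.d/router with the name of the file that holds the send_to_check router; a non-zero exit status means another router is evaluated first and mail can bypass the check.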
