exim sending only to specific domains

there is centos 7, it costs vestacp default settings for exim, I need to send my mail from my server only to the domains test.com and site.com, the rest of the mail from my server should be blocked

exim config:

SPAMASSASSIN = yes
SPAM_SCORE = 50
CLAMD = yes
add_environment = <; PATH=/bin:/usr/bin
keep_environment =
disable_ipv6=true
domainlist local_domains = dsearch;/etc/exim/domains/
domainlist relay_to_domains = dsearch;/etc/exim/domains/
hostlist relay_from_hosts = 127.0.0.1
hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf
hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf
no_local_from_check
untrusted_set_sender = *
acl_smtp_connect = acl_check_spammers
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
.ifdef SPAMASSASSIN
spamd_address = 127.0.0.1 783
.endif
.ifdef CLAMD
av_scanner = clamd: /var/run/clamav/clamd.sock
.endif
tls_advertise_hosts = *
tls_certificate = /usr/local/vesta/ssl/certificate.crt
tls_privatekey = /usr/local/vesta/ssl/certificate.key
daemon_smtp_ports = 25 : 465 : 587 : 2525
tls_on_connect_ports = 465
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim/domains/${lc:${domain:$h_from:}}/dkim.pem
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
begin acl
acl_check_spammers: accept hosts = +whitelist drop message = Your host in blacklist on this server. log_message = Host in blacklist hosts = +spammers accept
acl_check_mail: deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s drop condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept
acl_check_rcpt: accept hosts = : deny message = Restricted characters in address domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] deny message = Restricted characters in address domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ require verify = sender accept hosts = +relay_from_hosts control = submission accept authenticated = * control = submission/domain= deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text hosts = !+whitelist dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}} require message = relay not permitted domains = +local_domains : +relay_to_domains deny message = smtp auth requried sender_domains = +local_domains !authenticated = * require verify = recipient
.ifdef CLAMD warn set acl_m0 = no warn condition = ${if exists {/etc/exim/domains/$domain/antivirus}{yes}{no}} set acl_m0 = yes
.endif
.ifdef SPAMASSASSIN warn set acl_m1 = no warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}} set acl_m1 = yes
.endif accept
acl_check_data:
.ifdef CLAMD deny message = Message contains a virus ($malware_name) and has been rejected malware = * condition = ${if eq{$acl_m0}{yes}{yes}{no}}
.endif
.ifdef SPAMASSASSIN warn !authenticated = * hosts = !+relay_from_hosts condition = ${if < {$message_size}{100K}} condition = ${if eq{$acl_m1}{yes}{yes}{no}} spam = spamd:true/defer_ok add_header = X-Spam-Score: $spam_score_int add_header = X-Spam-Bar: $spam_bar add_header = X-Spam-Report: $spam_report set acl_m2 = $spam_score_int warn condition = ${if !eq{$acl_m2}{} {yes}{no}} condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} add_header = X-Spam-Status: Yes message = SpamAssassin detected spam (from $sender_address to $recipients).
.endif accept
acl_check_mime: deny message = Blacklisted file extension detected condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} accept
begin authenticators
dovecot_plain: driver = dovecot public_name = PLAIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1
dovecot_login: driver = dovecot public_name = LOGIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1
begin routers
dnslookup: driver = dnslookup domains = * transport = remote_smtp no_more
userforward: driver = redirect check_local_user file = $home/.forward allow_filter no_verify no_expn check_ancestor file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply
procmail: driver = accept check_local_user require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail transport = procmail no_verify
autoreplay: driver = accept require_files = /etc/exim/domains/$domain/autoreply.${local_part}.msg condition = ${if exists{/etc/exim/domains/$domain/autoreply.${local_part}.msg}{yes}{no}} retry_use_local_part transport = userautoreply unseen
aliases: driver = redirect headers_add = X-redirected: yes data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}} require_files = /etc/exim/domains/$domain/aliases redirect_router = dnslookup pipe_transport = address_pipe unseen
localuser_fwd_only: driver = accept transport = devnull condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}}
localuser_spam: driver = accept transport = local_spam_delivery condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}}
localuser: driver = accept transport = local_delivery condition = ${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{true}{false}}
catchall: driver = redirect headers_add = X-redirected: yes require_files = /etc/exim/domains/$domain/aliases data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}} file_transport = local_delivery redirect_router = dnslookup
terminate_alias: driver = accept transport = devnull condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}{true}{false}}
begin transports
remote_smtp: driver = smtp #helo_data = $sender_address_domain dkim_domain = DKIM_DOMAIN dkim_selector = mail dkim_private_key = DKIM_PRIVATE_KEY dkim_canon = relaxed dkim_strict = 0
procmail: driver = pipe command = "/usr/bin/procmail -d $local_part" return_path_add delivery_date_add envelope_to_add user = $local_part initgroups return_output
local_delivery: driver = appendfile maildir_format maildir_use_size_file user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}} group = mail create_directory directory_mode = 770 mode = 660 use_lockfile = no delivery_date_add envelope_to_add return_path_add directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M quota_warn_threshold = 75%
local_spam_delivery: driver = appendfile maildir_format maildir_use_size_file user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}} group = mail create_directory directory_mode = 770 mode = 660 use_lockfile = no delivery_date_add envelope_to_add return_path_add directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" quota_warn_threshold = 75%
address_pipe: driver = pipe return_output
address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add
address_reply: driver = autoreply
userautoreply: driver = autoreply file = /etc/exim/domains/$domain/autoreply.${local_part}.msg from = "${local_part}@${domain}" headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" to = "${sender_address}"
devnull: driver = appendfile file = /dev/null
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite

added to the main config /etc/exim/exim.conf immediately after the lines begin routers, i.e. I did it this way

begin routers
check_outgoing_from_header: driver = redirect domains = ! +local_domains condition = ${if !match {$header_from:}{$sender_address}} allow_fail data = :fail: You can not send mail from here with From: $header_from as sender: $sender_address
check_outgoing: driver = redirect domains = ! +local_domains senders = ! : ! *@lsearch;/etc/exim/allowed_domains : ! lsearch;/etc/exim/allowed_mails allow_fail data = :fail: You can not send mail from this mailbox from this server.

well, in the files allowed_domains and allowed_mails added domains to which you can send mail, in the file allowed_domain the test.com is registered, the file allowed_miles is empty

checked through exim -d + all -bt

exim -d+all -bt
11:58:30 30782 Exim version 4.89 uid=0 gid=0 pid=30782 D=fffdffff
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc TCPwrappers OpenSSL Content_Scanning DKIM DNSSEC Event OCSP PRDR TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sq
lite
Authenticators: cram_md5 cyrus_sasl dovecot gsasl plaintext spa tls
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [4.8.5 20150623 (Red Hat 4.8.5-16)]
Library version: Glibc: Compile: 2.17 Runtime: 2.17
Library version: OpenSSL: Compile: OpenSSL 1.0.2k-fips 26 Jan 2017 Runtime: OpenSSL 1.0.2k-fips 26 Jan 2017 : built on: reproducible build, date unspecified
Library version: Cyrus SASL: Compile: 2.1.26 Runtime: 2.1.26 [Cyrus SASL]
Library version: GNU SASL: Compile: 1.8.0 Runtime: 1.8.0
Library version: PCRE: Compile: 8.32 Runtime: 8.32 2012-11-30
11:58:30 30782 Loading lookup modules from /usr/lib64/exim/4.89-2.el7/lookups
11:58:30 30782 Loaded 0 lookup modules
11:58:30 30782 Total 18 lookups
Library version: SQLite: Compile: 3.7.17 Runtime: 3.7.17
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST: "/etc/exim/trusted-configs"
11:58:30 30782 changed uid/gid: forcing real = effective
11:58:30 30782 uid=0 gid=0 pid=30782
11:58:30 30782 auxiliary group list: <none>
11:58:30 30782 seeking password data for user "root": cache not available
11:58:30 30782 getpwnam() succeeded uid=0 gid=0
11:58:30 30783 changed uid/gid: calling tls_validate_require_cipher
11:58:30 30783 uid=93 gid=93 pid=30783
11:58:30 30783 auxiliary group list: <none>
11:58:30 30782 tls_validate_require_cipher child 30783 ended: status=0x0
11:58:30 30782 configuration file is /etc/exim/exim.conf
11:58:30 30782 log selectors = 00000ffc 06320202
11:58:30 30782 trusted user
11:58:30 30782 admin user
11:58:30 30782 DSN: check_outgoing_from_header propagating DSN
11:58:30 30782 DSN: check_outgoing propagating DSN
11:58:30 30782 DSN: dnslookup propagating DSN
11:58:30 30782 DSN: userforward propagating DSN
11:58:30 30782 DSN: procmail propagating DSN
11:58:30 30782 DSN: autoreplay propagating DSN
11:58:30 30782 DSN: aliases propagating DSN
11:58:30 30782 DSN: localuser_fwd_only propagating DSN
11:58:30 30782 DSN: localuser_spam propagating DSN
11:58:30 30782 DSN: localuser propagating DSN
11:58:30 30782 DSN: catchall propagating DSN
11:58:30 30782 DSN: terminate_alias propagating DSN
11:58:30 30782 originator: uid=0 gid=0 login=root name=root
11:58:30 30782 sender address =
11:58:30 30782 Address testing: uid=0 gid=93 euid=0 egid=93
11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
11:58:30 30782 Testing
11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
11:58:30 30782 Considering
11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
11:58:30 30782 routing
11:58:30 30782 --------> check_outgoing_from_header router <--------
11:58:30 30782 local_part=dg domain=test.com
11:58:30 30782 checking domains
11:58:30 30782 search_open: dsearch "/etc/exim/domains/"
11:58:30 30782 search_find: file="/etc/exim/domains/"
11:58:30 30782 key="test.com" partial=-1 affix=NULL starflags=0
11:58:30 30782 LRU list:
11:58:30 30782 5/etc/exim/domains/
11:58:30 30782 End
11:58:30 30782 internal_search_find: file="/etc/exim/domains/"
11:58:30 30782 type=dsearch key="test.com"
11:58:30 30782 file lookup required for test.com
11:58:30 30782 in /etc/exim/domains/
11:58:30 30782 lookup failed
11:58:30 30782 test.com in "dsearch;/etc/exim/domains/"? no (end of list)
11:58:30 30782 test.com in "! +local_domains"? yes (end of list)
11:58:30 30782 checking "condition" "${if !match {$header_from:}{$sender_address}}"... 11:58:30 30782 /considering: ${if !match {$header_from:}{$sender_address}} 11:58:30 30782 /considering: $header_from:}{$sender_address}} 11:58:30 30782 |__expanding: $header_from: 11:58:30 30782 \_____result: 11:58:30 30782 /considering: $sender_address}} 11:58:30 30782 |__expanding: $sender_address 11:58:30 30782 \_____result: 11:58:30 30782 |__condition: !match {$header_from:}{$sender_address} 11:58:30 30782 |_____result: true 11:58:30 30782 |__expanding: ${if !match {$header_from:}{$sender_address}} 11:58:30 30782 \_____result: true
11:58:30 30782 calling check_outgoing_from_header router
11:58:30 30782 rda_interpret (string): :fail: You can not send mail from here with From: $header_from as sender: $sender_address 11:58:30 30782 /considering: :fail: You can not send mail from here with From: $header_from as sender: $sender_address 11:58:30 30782 |__expanding: :fail: You can not send mail from here with From: $header_from as sender: $sender_address 11:58:30 30782 \_____result: :fail: You can not send mail from here with From: as sender:
11:58:30 30782 expanded: :fail: You can not send mail from here with From: as sender:
11:58:30 30782 file is not a filter file
11:58:30 30782 parse_forward_list: :fail: You can not send mail from here with From: as sender:
11:58:30 30782 extract item: :fail: You can not send mail from here with From: as sender:
11:58:30 30782 check_outgoing_from_header router forced address failure is undeliverable: You can not send mail from here with From: as sender:
11:58:30 30782 search_tidyup called
11:58:30 30782 >>>>>>>>>>>>>>>> Exim pid=30782 terminating with rc=2 >>>>>>>>>>>>>>>>

how do I fix the rules begin routers or should I write other rules, maybe acl?

4 Reset to default

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like