Skip to content

Instantly share code, notes, and snippets.

@mcnemesis
Created March 10, 2014 10:27
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mcnemesis/9462638 to your computer and use it in GitHub Desktop.
Save mcnemesis/9462638 to your computer and use it in GitHub Desktop.
Telling Exim4 to allow users on external networks to use the mail server as a relay:
So, for example your mail server has local ip:
192.168.1.1
In that case, if you only wish let you local users use the mail server to send mail, then configure the relay host as this:
In `/etc/exim4/update-exim4.conf.conf`, set the relay network to only allow local machines for example (probably filter with a Class C mask)
dc_relay_nets='192.168.1.0/24'
In that case, any machine with IP 192.168.1.0-255 can send mail via the server.
NOTE: by default, 127.0.0.1, ::1 are allowed to relay via the server (even when not explicitly specified to - as it only makes sense - sendmail is local anyways)
Allowing Public / External Networks
====================================
Now, if you wish to also allow users on external networks (e.g if you wish to allow users on broaband) to also use your mail server as their smtp node, then u have to adjust the above configuration to specify either a particular ip, or ip range (or network).
So, for example of the ISP assigns you a static ip (but possibly u know the public ip might be a range 8.8.1.0 - 8.8.255.255), you might specify these multiple relay nets like this
dc_relay_nets='192.168.129.0/24:8.8.1.0/16'
But beware, this might open up your relay to a whole range of machines, of which there's a high risk if some are vulnerable or not under your control. So, it's always advisable to limit the relay networks to only internal and local ips.
Loading New Configuration
======================================
Since we are using Exim4, and since we have opted to use the recommended approach for Debian (making changes in `/etc/exim4/update-exim4.conf.conf`, and letting the system autogenerate the actual conf), then we apply the changes like this:
update-exim4.conf
to autogenerate a new configuration for Exim4, then
/etc/init.d/exim4 restart
or
/etc/init.d/exim4 reload
to load the new configuration.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment