Accept remote mails only from trusted IP domain-wise

[ipole]

I have an external spam filter server, and want some of my domains on Cpanel to accept mails which have originated only from the spam filter server. This is to avoid spammers who directly deliver to the mail server, instead of the MX.

However, the same Cpanel server hosts other unprotected domains for whom the mail deliveries should work directly. At the same time, in case another domain on this server mails to the protected domain (local deliveries), they should be permitted.

I am no expert at Exim, but was trying to write a smarthost filter which will check the sender_host_name if it doesn't match with my external spam filter server, and a couple of other conditions, then it would handover the mail to the spam filter server. The spam filter server would then send it back to the Cpanel server in case the mail was clean. I am pasting the condition below, but it seems to be going wrong somewhere and directing all mails to the spam filter server.

smarthost_protecteddomains:
   condition = "${if and { \
		{!eq {${lc:$sender_host_name}} {myspamfilter.tld}} \
		{!eq {$received_protocol}{local}} \
		{eq {${domain}} {protecteddomain.tld}} \
	} {true}{fail}}"
   driver = manualroute
   transport = remote_smtp
   domains = ! +local_domains
   route_list = "* 204.12.250.154"

Does anybody find a flaw in this? Is there any better method to handle this situation?

 

[cPanelMichael]

Hello

The following thread provides some information on having only select domain names utilize a smart host:

Forward certain domain emails to Smart Host

Thank you.

 

[ipole]

Thanks for your response, Michael. I went through the URL referred by you. My requirement is a bit different.

The primary objective is that certain domains on the shared server must accept inbound mails originating only from my spamfilter server. It should not accept direct connections for inbound mail from the world. At the same time, mails from authenticated users who use the exim SMTP should be treated as normal and delivered locally, irrespective of the above rule.

Is there any way of achieving this in Exim?