Exim: отправка почты только на определённые домены

Garcia

Есть CentOS 7, стоит extap по умолчанию для exim. Мне нужно, чтобы с моего сервера почта отправлялась только на домены test.com и site.com; вся остальная почта с моего сервера должна блокироваться.

exim config:

SPAMASSASSIN = yes SPAM_SCORE = 50 CLAMD = yes add_environment = <; PATH=/bin:/usr/bin keep_environment = disable_ipv6=true domainlist local_domains = dsearch;/etc/exim/domains/ domainlist relay_to_domains = dsearch;/etc/exim/domains/ hostlist relay_from_hosts = 127.0.0.1 hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf no_local_from_check  untrusted_set_sender = * acl_smtp_connect = acl_check_spammers acl_smtp_mail = acl_check_mail acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data acl_smtp_mime = acl_check_mime .ifdef SPAMASSASSIN  spamd_address = 127.0.0.1 783 .endif .ifdef CLAMD av_scanner = clamd: /var/run/clamav/clamd.sock .endif tls_advertise_hosts = * tls_certificate = /usr/local/vesta/ssl/certificate.crt tls_privatekey = /usr/local/vesta/ssl/certificate.key daemon_smtp_ports = 25 : 465 : 587 : 2525 tls_on_connect_ports = 465 never_users = root host_lookup = * rfc1413_hosts = * rfc1413_query_timeout = 5s ignore_bounce_errors_after = 2d timeout_frozen_after = 7d DKIM_DOMAIN = $} DKIM_FILE = /etc/exim/domains/$}/dkim.pem DKIM_PRIVATE_KEY = $} begin acl acl_check_spammers:  accept hosts = +whitelist drop message = Your host in blacklist on this server. log_message = Host in blacklist hosts = +spammers accept acl_check_mail: deny condition = ${}} message = HELO required before MAIL drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${\N((\d[.-]\d[.-]\d[.-]\d)|([0-9a-f])|([0-9A-F]))\N}} condition = $}\}{$sender_helo_name}} delay = 45s drop condition = $} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) drop condition = ${$sender_helo_name}} message = $interface_address is _my_ address accept acl_check_rcpt: accept hosts = : deny message = Restricted characters in address domains = +local_domains local_parts = ^[.] 
: ^.*[@%!/|] deny message = Restricted characters in address domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ require verify = sender accept hosts = +relay_from_hosts control = submission accept authenticated = * control = submission/domain= deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text hosts = !+whitelist dnslists = ${:}} require message = relay not permitted domains = +local_domains : +relay_to_domains deny message = smtp auth requried sender_domains = +local_domains !authenticated = * require verify = recipient .ifdef CLAMD warn set acl_m0 = no warn condition = $} set acl_m0 = yes .endif .ifdef SPAMASSASSIN  warn set acl_m1 = no warn condition = $} set acl_m1 = yes .endif accept acl_check_data: .ifdef CLAMD deny message = Message contains a virus ($malware_name) and has been rejected malware = * condition = $} .endif .ifdef SPAMASSASSIN  warn !authenticated = * hosts = !+relay_from_hosts condition = $} condition = $} spam = spamd:true/defer_ok add_header = X-Spam-Score: $spam_score_int add_header = X-Spam-Bar: $spam_bar add_header = X-Spam-Report: $spam_report set acl_m2 = $spam_score_int warn condition = ${} } condition = $ } add_header = X-Spam-Status: Yes message = SpamAssassin detected spam (from $sender_address to $recipients). 
.endif accept acl_check_mime: deny message = Blacklisted file extension detected condition = $}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}} accept begin authenticators  dovecot_plain: driver = dovecot public_name = PLAIN  server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 dovecot_login: driver = dovecot public_name = LOGIN  server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 begin routers dnslookup: driver = dnslookup  domains = * transport = remote_smtp no_more userforward: driver = redirect  check_local_user file = $home/.forward allow_filter no_verify no_expn check_ancestor file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply procmail: driver = accept check_local_user require_files = $:+$/.procmailrc:/usr/bin/procmail transport = procmail no_verify autoreplay: driver = accept require_files = /etc/exim/domains/$domain/autoreply.$.msg condition = $.msg}} retry_use_local_part transport = userautoreply unseen aliases: driver = redirect  headers_add = X-redirected: yes data = ${:}{$lsearch{/etc/exim/domains/$domain/aliases}}}} require_files = /etc/exim/domains/$domain/aliases redirect_router = dnslookup pipe_transport = address_pipe unseen localuser_fwd_only:  driver = accept transport = devnull  condition = ${$lsearch{/etc/exim/domains/$domain/fwd_only}}}} localuser_spam: driver = accept transport = local_spam_delivery condition = ${\N^Yes\N}}} {$lsearch{/etc/exim/domains/$domain/passwd}}}} localuser: driver = accept transport = local_delivery condition = $lsearch{/etc/exim/domains/$domain/passwd}} catchall: driver = redirect  headers_add = X-redirected: yes require_files = /etc/exim/domains/$domain/aliases data = ${:}{$lsearch{/etc/exim/domains/$domain/aliases}}}} file_transport = local_delivery redirect_router = dnslookup terminate_alias: driver = 
accept transport = devnull  condition = $lsearch{/etc/exim/domains/$domain/aliases}} begin transports remote_smtp: driver = smtp #helo_data = $sender_address_domain dkim_domain = DKIM_DOMAIN dkim_selector = mail dkim_private_key = DKIM_PRIVATE_KEY dkim_canon = relaxed dkim_strict = 0 procmail: driver = pipe command = "/usr/bin/procmail -d $local_part" return_path_add delivery_date_add  envelope_to_add user = $local_part  initgroups return_output local_delivery: driver = appendfile  maildir_format maildir_use_size_file user = ${:}{$lsearch{/etc/exim/domains/$domain/passwd}}}} group = mail create_directory directory_mode = 770 mode = 660 use_lockfile = no  delivery_date_add  envelope_to_add return_path_add directory = "${:}{$lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" quota = ${:}{$lsearch{/etc/exim/domains/$domain/passwd}}}}M quota_warn_threshold = 75% local_spam_delivery:  driver = appendfile  maildir_format maildir_use_size_file user = ${:}{$lsearch{/etc/exim/domains/$domain/passwd}}}} group = mail create_directory directory_mode = 770 mode = 660 use_lockfile = no  delivery_date_add  envelope_to_add return_path_add directory = "${:}{$lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" quota = ${:}{$lsearch{/etc/exim/domains/$domain/passwd}}}}M quota_directory = "${:}{$lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" quota_warn_threshold = 75% address_pipe: driver = pipe return_output address_file: driver = appendfile  delivery_date_add  envelope_to_add return_path_add address_reply: driver = autoreply  userautoreply: driver = autoreply  file = /etc/exim/domains/$domain/autoreply.$.msg from = "$@$" headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit subject = "$\"} }" to = "$" devnull: driver = appendfile  file = /dev/null begin retry * * F,2h,15m; G,16h,1h,1.5; F,4d,6h begin rewrite 

В основной конфиг /etc/exim/exim.conf, сразу после начала секции роутеров (begin routers), я добавил следующее:

begin routers

# Router 1: applies to recipient domains that are NOT in +local_domains and
# force-fails the address with the message in `data` when `condition` is true.
# NOTE(review): the `condition` text is truncated on this page; the debug trace
# below shows it evaluated as `!match {$header_from:}{$sender_address}`.
# With `exim -bt` there is no message, so $header_from: expands to an empty
# string (see the trace), the condition is true, and every non-local address
# test fails here before any later router is tried.
check_outgoing_from_header:
  driver = redirect
  domains = ! +local_domains
  condition = ${$sender_address}}
  # allow_fail is what permits the ":fail:" item in `data` below.
  allow_fail
  data = :fail: You can not send mail from here with From: $header_from as sender: $sender_address

# Router 2: also limited to non-local recipient domains, but the allow-list
# files are consulted through `senders`, i.e. they are matched against the
# envelope SENDER (empty sender, sender domain, full sender address), not
# against the recipient. As written it restricts who may send, not where mail
# may go: a sender listed in the files can still reach any remote domain.
# NOTE(review): the stated goal (only test.com and site.com as destinations)
# needs the allow-list tested against the recipient domain, for example in
# `domains` (something like `! +local_domains : ! lsearch;/etc/exim/allowed_domains`)
# - confirm against the Exim specification before use.
# NOTE(review): the main config on this page sets `untrusted_set_sender = *`,
# so any local user can choose the envelope sender; a sender-keyed rule is a
# weak control for outbound filtering.
check_outgoing:
  driver = redirect
  domains = ! +local_domains
  senders = ! : ! *@lsearch;/etc/exim/allowed_domains : ! lsearch;/etc/exim/allowed_mails
  allow_fail
  data = :fail: You can not send mail from this mailbox from this server.

В файлы allow_domains и allow_mails добавляются домены, на которые можно отправлять почту: в файле allow_domains записан test.com, файл allow_mails пуст.

Проверял командой exim -d+all -bt test@test.com:

exim -d+all -bt test@test.com 11:58:30 30782 Exim version 4.89 uid=0 gid=0 pid=30782 D=fffdffff Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012) Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc TCPwrappers OpenSSL Content_Scanning DKIM DNSSEC Event OCSP PRDR TCP_Fast_Open Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sq lite Authenticators: cram_md5 cyrus_sasl dovecot gsasl plaintext spa tls Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp Fixed never_users: 0  Configure owner: 0:0  Size of off_t: 8 Compiler: GCC [4.8.5 20150623 (Red Hat 4.8.5-16)] Library version: Glibc: Compile: 2.17 Runtime: 2.17 Library version: OpenSSL: Compile: OpenSSL 1.0.2k-fips 26 Jan 2017 Runtime: OpenSSL 1.0.2k-fips 26 Jan 2017 : built on: reproducible build, date unspecified Library version: Cyrus SASL: Compile: 2.1.26 Runtime: 2.1.26 [Cyrus SASL] Library version: GNU SASL: Compile: 1.8.0 Runtime: 1.8.0 Library version: PCRE: Compile: 8.32 Runtime: 8.32 2012-11-30 11:58:30 30782 Loading lookup modules from /usr/lib64/exim/4.89-2.el7/lookups 11:58:30 30782 Loaded 0 lookup modules 11:58:30 30782 Total 18 lookups Library version: SQLite: Compile: 3.7.17 Runtime: 3.7.17 WHITELIST_D_MACROS unset TRUSTED_CONFIG_LIST: "/etc/exim/trusted-configs" 11:58:30 30782 changed uid/gid: forcing real = effective 11:58:30 30782 uid=0 gid=0 pid=30782 11:58:30 30782 auxiliary group list: <none> 11:58:30 30782 seeking password data for user "root": cache not available 11:58:30 30782 getpwnam() succeeded uid=0 gid=0 11:58:30 30783 changed uid/gid: calling tls_validate_require_cipher 11:58:30 30783 uid=93 gid=93 pid=30783 11:58:30 30783 auxiliary group list: <none> 11:58:30 30782 tls_validate_require_cipher child 30783 ended: status=0x0 11:58:30 30782 configuration file is /etc/exim/exim.conf 11:58:30 30782 log selectors = 
00000ffc 06320202 11:58:30 30782 trusted user 11:58:30 30782 admin user 11:58:30 30782 DSN: check_outgoing_from_header propagating DSN 11:58:30 30782 DSN: check_outgoing propagating DSN 11:58:30 30782 DSN: dnslookup propagating DSN 11:58:30 30782 DSN: userforward propagating DSN 11:58:30 30782 DSN: procmail propagating DSN 11:58:30 30782 DSN: autoreplay propagating DSN 11:58:30 30782 DSN: aliases propagating DSN 11:58:30 30782 DSN: localuser_fwd_only propagating DSN 11:58:30 30782 DSN: localuser_spam propagating DSN 11:58:30 30782 DSN: localuser propagating DSN 11:58:30 30782 DSN: catchall propagating DSN 11:58:30 30782 DSN: terminate_alias propagating DSN 11:58:30 30782 originator: uid=0 gid=0 login=root name=root 11:58:30 30782 sender address = root@dev.test.com 11:58:30 30782 Address testing: uid=0 gid=93 euid=0 egid=93 11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 11:58:30 30782 Testing test@test.com 11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 11:58:30 30782 Considering test@test.com 11:58:30 30782 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 11:58:30 30782 routing test@test.com 11:58:30 30782 --------> check_outgoing_from_header router <-------- 11:58:30 30782 local_part=dg domain=test.com 11:58:30 30782 checking domains 11:58:30 30782 search_open: dsearch "/etc/exim/domains/" 11:58:30 30782 search_find: file="/etc/exim/domains/" 11:58:30 30782 key="test.com" partial=-1 affix=NULL starflags=0 11:58:30 30782 LRU list: 11:58:30 30782 5/etc/exim/domains/ 11:58:30 30782 End  11:58:30 30782 internal_search_find: file="/etc/exim/domains/" 11:58:30 30782 type=dsearch key="test.com" 11:58:30 30782 file lookup required for test.com 11:58:30 30782 in /etc/exim/domains/ 11:58:30 30782 lookup failed 11:58:30 30782 test.com in "dsearch;/etc/exim/domains/"? no (end of list) 11:58:30 30782 test.com in "! +local_domains"? yes (end of list) 11:58:30 30782 checking "condition" "${$sender_address}}"... 
11:58:30 30782 /considering: ${$sender_address}} 11:58:30 30782 /considering: $header_from:}{$sender_address}} 11:58:30 30782 |__expanding: $header_from: 11:58:30 30782 \_____result: 11:58:30 30782 /considering: $sender_address}} 11:58:30 30782 |__expanding: $sender_address 11:58:30 30782 \_____result: root@dev.test.com 11:58:30 30782 |__condition: !match {$header_from:}{$sender_address} 11:58:30 30782 |_____result: true 11:58:30 30782 |__expanding: ${$sender_address}} 11:58:30 30782 \_____result: true 11:58:30 30782 calling check_outgoing_from_header router 11:58:30 30782 rda_interpret (string): :fail: You can not send mail from here with From: $header_from as sender: $sender_address 11:58:30 30782 /considering: :fail: You can not send mail from here with From: $header_from as sender: $sender_address 11:58:30 30782 |__expanding: :fail: You can not send mail from here with From: $header_from as sender: $sender_address 11:58:30 30782 \_____result: :fail: You can not send mail from here with From: as sender: root@dev.test.com 11:58:30 30782 expanded: :fail: You can not send mail from here with From: as sender: root@dev.test.com 11:58:30 30782 file is not a filter file 11:58:30 30782 parse_forward_list: :fail: You can not send mail from here with From: as sender: root@dev.test.com 11:58:30 30782 extract item: :fail: You can not send mail from here with From: as sender: root@dev.test.com 11:58:30 30782 check_outgoing_from_header router forced address failure test@test.com is undeliverable: You can not send mail from here with From: as sender: root@dev.test.com 11:58:30 30782 search_tidyup called 11:58:30 30782 >>>>>>>>>>>>>>>> Exim pid=30782 terminating with rc=2 >>>>>>>>>>>>>>>> 

Как мне исправить правила роутеров, или мне следует написать другие правила, может быть, ACL?

В чём проблема? Ваш заголовок From пуст, и поэтому отправка блокируется — как и следует ожидать от вашей первой проверки... Tensibai 6 лет назад 0
Мне нужно, чтобы я отправлял почту на домен test.com. Другие домены должны быть заблокированы. Скажите, что мне нужно исправить в моем конфиге? Garcia 6 лет назад 0
В вашей конфигурации менять нечего: в этом случае вас блокирует пустое поле From — это сторона отправителя, и поля нужно заполнять правильно именно там. Пожалуйста, [отредактируйте] свой вопрос, чтобы чётко указать, что вам нужно и что не работает: даже с комментарием не совсем ясно, что вы хотите сделать и как устроена ваша конфигурация (например, мы не знаем, что находится внутри ваших файлов allow_domains) — это всё, что я могу разобрать в блоках конфигурации, к которым нет ни слова пояснений о том, что в них делается. Tensibai 6 лет назад 0
Мне нужно отправлять почту с моего сервера только на домены test.com и site.com, остальная часть почты с моего сервера должна быть заблокирована. Я исправил свой пост с вопросом, посмотрите, теперь понятно, что я хочу сделать? Garcia 6 лет назад 0

0 ответов на вопрос
