All internal IP addresses should be added to the INTERNAL_IP mapping table as discussed above. If you have friendly or companion systems/sites from which you wish to allow SMTP relaying, the simplest approach is to include them along with your true internal IP addresses in your INTERNAL_IP mapping table.
If you don’t wish to consider these as true internal systems/sites, (for instance, if for logging or other control purposes you wish to distinguish between true internal systems versus the friendly non-internal systems with relay privileges), there are other ways to configure the system.
One approach is to set up a special channel for receiving messages from such friendly systems. Do this by creating a tcp_friendly channel akin to your existing tcp_internal channel with official host name tcp_friendly-daemon, and a FRIENDLY_IP mapping table akin to your INTERNAL_IP mapping table that lists the friendly system IP addresses. Then right after the current rewrite rule:
! Do mapping lookup for internal IP addresses [] $E$R${INTERNAL_IP,$L}$U%[$L]@tcp_intranet-daemon
add a new rewrite rule:
! Do mapping lookup for "friendly", non-internal IP addresses [] $E$R${FRIENDLY_IP,$L}$U%[$L]@tcp_friendly-daemon
An alternate approach is to add to your ORIG_SEND_ACCESS mapping table above the final $N entry, new entries of the form
tcp_local|*@siroe.com|tcp_local|* $Y
where siroe.com is the name of a friendly domain, and to add an ORIG_MAIL_ACCESS mapping table of the form:
ORIG_MAIL_ACCESS TCP|*|25|$(match-siroe.com-IP-addresses)|*|SMTP|MAIL| \ tcp_local|*@siroe.com|tcp_local|* $Y TCP|*|*|*|*|SMTP|MAIL|tcp_local|*|tcp_local|* $N
where the $(...) IP address syntax is the same syntax described in the previous section. The ORIG_SEND_ACCESS check will succeed as long as the address is ok, so we can go ahead and also do the ORIG_MAIL_ACCESS check which is more stringent and will only succeed if the IP address also corresponds to an siroe.com IP address.