Re: [EXIM] I'm confused with anti-spam and relaying options

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Andromeda
CC: exim-users
Subject: Re: [EXIM] I'm confused with anti-spam and relaying options
On Wed, 7 Oct 1998, Andromeda wrote:

> AFAIK this is in place by default. But sender_verify only sends a 4xx error
> code, does it not? Or am I totally wrong here?


Fortunately, you are wrong. If verification fails hard, it sends a 5xx
error; only if there is a temporary problem (e.g. timeout while looking
up the domain in the DNS) does it send 4xx. (*When* it sends the 5xx
error varies, depending on the number of recent failures. See 40.2.)

> What does verify_only do?


It means that the director or router is used only when verifying
incoming addresses, not when actually directing or routing an address
for deliverying mail. Thus you can process addresses in a different way
when verifying, should you want to. (See also the "verify" option, which
works the other way round - setting "no_verify" means that the director
or router is *not* used when verifying.)

> I guess by outgoing I mean if one of my users sends mail (using a MUA).


... running on your host, or running on some other host? If the latter,
is the set of hosts limited somehow, or not? This is where the problems
lie.

> Ok... I might be able to use relay_match_host_or_sender, but I need to
> verify that the sender part is ANY valid user in the $domain-aliases file.


That's where you have to set up suitable directors/routers to do the
validation.

> That I don't know how to do. How would I split the address on the left and
> the right of the @-sign (e.g. localpart@domain) and then search for the
> localpart in the $domain-aliases file?


Off the top of my head, if the domain is local, you could use a director
like

verify_local_user:
driver = aliasfile
domains = lsearch;/list/of/relevant/domains
verify_only
verify_sender (if necessary)
no_more
file = /etc/$domain-aliases

Entirely untested. E&OE. You can test how your verification
configuration is doing by running commands like

exim -bv address-to-be-verified

That will verify as a recipient. Use -bvs to verify a sender. Use -d (or
-d2, -d4 ... -d9) to get additional debugging information. See also the
debug_print option.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.



--
*** Exim information can be found at http://www.exim.org/ ***