Re: [EXIM] How to only use a smart host for "good" addresses…

Top Page
Delete this message
Reply to this message
Author: Harald Meland
Date:  
To: exim-users
Subject: Re: [EXIM] How to only use a smart host for "good" addresses?
[Philip Hazel]

> On Mon, 21 Dec 1998, Marc Haber wrote:
>
> > However, when somebody mistypes an address that yields a known bad
> > address like "localpart@???", this mail is delivered to
> > the smart host too. This causes bounces not to go to me as postmaster
> > of the exim machine, but to our ISP's postmaster.
>
> Why is that happening? The message should be sent to the smarthost with
> the correct sender, so the bounce should return to that sender.


I may be misunderstanding what Marc's problem is, but for me the
problem is that my mail relays don't really know which localparts are
valid -- consider this scenario:

 1. Some Eudora user misconfigures the Return address to read
    <invalid.address@???>.


 2. Eudora talks to my mail relay, which happily accepts the sender
    address (it is syntactically valid, and the domain part is
    registered correctly in DNS)


 3. Exim on the mail relay relays the message to my mail hub, which
    says:
      550 Unknown local user 'invalid.address'


 4. Exim on the mail relay then tries sending a error message to
    <invalid.address@???>.  This message, of course, is rejected by
    the mail hub (which isn't running Exim yet, BTW) --
    'invalid.address' is still not any known localpart.


 5. The error message which the mail hub won't accept is frozen on the
    mail relay.


Depending on the number of mail relay hosts you have, this can leave
you with quite a lot of Exim spools to check for frozen error
messages.

Setting 'ignore_errmsg_errors' (or 'ignore_errmsg_errors_after') to
true does help a bit, but I would prefer the original error message to
be available in full -- a single line in the log stating the incorrect
address is not all that helpful when trying to track down which Eudora
user has misconfigured their return address.

With sendmail, the failed error message is made into a error message,
with both envelope sender and recipient set to MAILER-DAEMON. The
original, bogus-envelope-sender message is then available to whoever
receives MAILER-DAEMON's mail.

I can see a few possible "solutions" to the problem:

* Make all valid localparts known to all hosts running any SMTP
service (via some grand distributed configuration scheme, like
LDAP). However, this is a situation I am not very likely to find
myself in shortly...

* Come up with something clever to make Exim do what sendmail does.

* Make some scripts to gather up the frozen error messages from my
mail relays and put them somewhere (e.g. in MAILER-DAEMON's
mailbox) "by hand".

* Set `ignore_errmsg_errors', scan Exim's logs for ignored error
messages, and compare with POP logs, samba logs, and so on and so
forth in an attempt to track down which Eudora user I should notify
about the incorrect sender address.

 * Set 'ignore_errmsg_errors' and just don't care that whoever sets
   their MUA up to use incorrect sender addresses won't be able to
   send _anyone_ mail.  This option is tempting, to say the least ;-)
   [ An additional bonus is that this solution would reduce the
     possibility that my users are feeling I'm invading their
     privacy. ]


OTOH, I might be missing something -- if so, would anyone please tell
me what it is?
--
Harald

--
*** Exim information can be found at http://www.exim.org/ ***