Currently we use rewrite rules to map sender addresses such as
cgaa186@??? to a standard form such as j.g.holman@???. A
set of such mappings is maintained for each of several clusters of hosts
for which we provide a rewriting service. We also reject messages when the
domain of the sender address is a member of one of these clusters but there
is no mapping for the local part.
We are running exim 3.16, and define a router to do the sender check:
check_managed_sender_domains:
driver = lookuphost
verify_only
verify_recipient=false
fail_verify_sender
senders = partial4-cdb;/info/mail/tables/local_domain_class
This router only applies to sender addresses with a domain that is a member
of a managed cluster. Since a valid address with such a domain is rewritten
to the standard form with a domain in local_domains, the only addresses
seen by this router are invalid ones for which there is no mapping for the
local part. This approach is less straightforward than I'd like, but it works.
However, with exim 3.20 there is a problem. Sender verification now follows
up child addresses resulting from the expansion of local addresses
(providing there is only one such address). For example,
j.g.holman@??? is an acceptable sender address and would previously
been accepted. However, since an aliasfile director expands it to
cgaa186@??? and since alpha.qmw.ac.uk is included in the
local_domain_class table, the sender domain check now fails it.
I can see two ways around this:
1. Create special directors used only for sender verification in place of
the normal ones and use these to emulate the old sender verification
behaviour.
or
2. Reproduce the mapping process in the router that checks sender
addresses. I think this would lead to the following sequence:
a. the original sender address (e.g. cgaa186@???) is
rewritten (e.g. to j.g.holman@???)
b. j.g.holman@??? is verified as a sender address. The domain is
in local_domains, and the address it is rewritten by the aliasfile director
back to cgaa186@???
c. Now cgaa186@??? is verified as a sender address by
checking in the new router that cgaa186 is a registered local part in the
table of local parts associated with the alpha.qmw.ac.uk domain. To check
this means repeating most of the work done in step (a).
Neither of these alternatives is very appealing. Can anyone suggest a
better approach? Failing that, might it be sensible to have a configuration
option to restore the old sender verification behaviour?
Incidentally I think the new sender verification can cause a similar
problem in other circumstances. For example, it seems harder to write a
router that ensures that addresses leaving your site are valid in the sense
that an SMTP connection can be made through the firewall back to the domain
mentioned in the sender address.
Thanks for any suggestions ...
John