In article <Pine.WNT.4.40.0111122117530.980-100000@???> I write:
>>On Mon, 12 Nov 2001, Mike Richardson wrote:
>> unscanned_mail:
>> driver = domainlist
>> transport = remote_smtp
>> route_list = "* mailscanhost.mycorp.com byname"
>> condition = ! ${eq {$sender_host_address}{192.168.1.1.}}
>>
>>The idea is that the router is only matched if the host from which the
>>mail was received does not have the IP address of the scanning host, so is
>>'unclean'.
>
>I tried something very similar on one of our machines. It worked for
>normal messages, but when it handled a bounce message, it looped. I
>haven't had time to do any detailed experiments to work out why, but a
>reasonable guess is that sender_host_address wasn't set correctly for
>the bounce message.
I'm sure it's no great surprise to find that my problem was a simple
configuration error, but I'll describe it since it was subtle enough
to take some time to spot.
The configuration descibed by Mike, quoted above, is of the form,
"send it to the scanner if the mail did not come from the scanner",
whereas my configuration was "send it to the intended destination if
the mail did come from the scanner." Under normal circumstances, it's
exactly the same as Mike's config.
Here's the relevant part of the exim configuration:
outgoing:
driver = lookuphost
condition = "${if eq {$sender_host_address}{192.168.1.1} {1}{0}}"
transport = remote_smtp
toviruscheck:
driver = domainlist
transport = remote_smtp
route_list = "* scanner.mycorp.com bydns_a"
end
Now, when replying to a spammer claiming to be jessica@???,
the following happened:
(Output from exim -d8 -oMa 192.168.1.1)
outgoing router called for jessica@???
dns lookup: route_domain = free-inter.net
DNS lookup of free-inter.net (MX) succeeded
DNS lookup of 255.255.255.255 (A) gave HOST_NOT_FOUND
returning DNS_NOMATCH
fully qualified name = free-inter.net
host_find_bydns yield = HOST_FIND_FAILED (0); returned hosts:
255.255.255.255 <null> 10 1042 *
outgoing router declined
toviruscheck router called for jessica@???
route_domain = free-inter.net
So my mistake was that I assumed that once the driver matched, it
would accept or fail the address, rather than declining it. Changing
the order of the routers so the virus check isn't a catchall should
fix the problem.
Peter
