I have smtp callback enabled (I think, seemed to show up during
testing), but I think it is interacting with my other verify
options.
To quote my config file:
<quote>
headers_check_syntax = true
headers_checks_fail = true
receiver_try_verify = true
sender_try_verify = true
headers_sender_verify = true
sender_verify_reject = true
sender_reject_recipients = @@lsearch*;/usr/local/exim/sender_reject_recipients_data
recipients_reject_except = "postmaster:postmaster@???:\
postmaster@???"
log_refused_recipients = true
# Attempt to verify incoming mail from commonly forged domains.
sender_verify_hosts_callback = *
sender_verify_callback_domains = lsearch;/usr/local/exim/callback_domains
sender_verify_fixup = true
log_ip_options = true
refuse_ip_options = true
</quote>
Is sender_try_verify too weak for this purpose? I'm trying to block
things with senders of
kellyjohnson548@???
which yields, when I push it through my script to do this:
neelix hgs 35 %> smtpcallback kellyjohnson548@???
kellyjohnson548
@hotmail.com
hotmail.com
MX lookup: mxhost is now mx06.hotmail.com
A lookup: mxhost is now mx06.hotmail.com
550 Requested action not taken: mailbox unavailable
neelix hgs 36 %>
So I think it should have been rejected. I'm seeing no mention of
callbacks in my logs. Should I?
Will changing sender_try_verify to sender_verify correct this problem?
I'm relectant to become that strict for all domains, as I think some
legitimate mails come from unverifiable addresses. Am I wrong
about that? This verifies
gcc-help-return-9951-hgs=dmu.ac.uk@???
using smtp call back as a strategy:
neelix hgs 36 %> smtpcallback gcc-help-return-9951-hgs=dmu.ac.uk@???
gcc-help-return-9951-hgs=dmu.ac.uk
@gcc.gnu.org
gcc.gnu.org
MX lookup: mxhost is now gcc.gnu.org
A lookup: mxhost is now gcc.gnu.org
250 ok
neelix hgs 37 %>
Thank you,
Hugh
