[Exim] 3.36, verify, smtp callback and rejection messages

Etusivu
Poista viesti
Vastaa
Lähettäjä: Hugh Sasse Staff Elec Eng
Päiväys:  
Vastaanottaja: EXIM users list
Aihe: [Exim] 3.36, verify, smtp callback and rejection messages
I have smtp callback enabled (I think, seemed to show up during
testing), but I think it is interacting with my other verify
options.

To quote my config file:

<quote>
headers_check_syntax = true
headers_checks_fail = true

receiver_try_verify = true
sender_try_verify = true
headers_sender_verify = true
sender_verify_reject = true

sender_reject_recipients = @@lsearch*;/usr/local/exim/sender_reject_recipients_data
recipients_reject_except = "postmaster:postmaster@???:\
                            postmaster@???"


log_refused_recipients = true


# Attempt to verify incoming mail from commonly forged domains.
sender_verify_hosts_callback = *
sender_verify_callback_domains = lsearch;/usr/local/exim/callback_domains

sender_verify_fixup = true

log_ip_options = true

refuse_ip_options = true

</quote>

Is sender_try_verify too weak for this purpose? I'm trying to block
things with senders of

kellyjohnson548@???

which yields, when I push it through my script to do this:
neelix hgs 35 %> smtpcallback kellyjohnson548@???
kellyjohnson548
@hotmail.com
hotmail.com
MX lookup: mxhost is now mx06.hotmail.com
A lookup: mxhost is now mx06.hotmail.com
550 Requested action not taken: mailbox unavailable
neelix hgs 36 %>

So I think it should have been rejected. I'm seeing no mention of
callbacks in my logs. Should I?

Will changing sender_try_verify to sender_verify correct this problem?

I'm relectant to become that strict for all domains, as I think some
legitimate mails come from unverifiable addresses. Am I wrong
about that? This verifies

gcc-help-return-9951-hgs=dmu.ac.uk@???

using smtp call back as a strategy:

neelix hgs 36 %> smtpcallback gcc-help-return-9951-hgs=dmu.ac.uk@???
gcc-help-return-9951-hgs=dmu.ac.uk
@gcc.gnu.org
gcc.gnu.org
MX lookup: mxhost is now gcc.gnu.org
A lookup: mxhost is now gcc.gnu.org
250 ok
neelix hgs 37 %>


        Thank you,
        Hugh