Hello,
I recently tested a verify_only router (against our local domains and LDAP
address database) for our outbound SMTP servers to avoid people sending out
stuff with definitely non-replyable local addresses.
All worked as expected, but when running it on a production machine
I quickly noticed a few _real_ users and addresses that got rejected
with a "sender verify fail". Alas those addresses where good and worked
just fine when tested manually.
After disabling that router and banging my head against the logs that
stated nothing wrong it dawned on me today.
We a have a rewrite rule for people with Eudora (at least older versions
insist on sending/qualifying with the pop server name, popmail.gol.com
in our case):
---
*@popmail.gol.com $1@??? Ffrs
---
So what if those people where Eudora users?
And a manual test confirms that behavior:
---
220 nexgen01 ESMTP Magnetic Fields Wed, 22 Jan 2003 17:26:12 +0900
helo test
250 nexgen01 Hello localhost [127.0.0.1]
mail from: chibi@???
250 OK
rcpt to: testuser@???
550-Verification failed for <chibi@???>
550-Unrouteable address
550 Sender verify failed
---
Note that the the error message (and the logs) show the rewritten data
and not the _real_ reason why that verification failed.
I'll probably have to look into a "S" rewrite rule, but maybe the flow
at least for the logs and returned error messages could be changed in
future versions to reflect the actual data that was checked against
and not the result of the later rewrite rule.
And yes, I turned on rewrite logging now. ^_-
All of this with Exim 4.10 and 4.12.
Regards,
Christian Balzer
--
Christian Balzer Network Engineer Engineering
chibi@??? Global OnLine Japan/Exodus Communications K.K.
http://www.gol.com/