Re: [Exim] disabling sender verification for one domain

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Vincent Danen
Fecha:  
A: Keith Goettert
Cc: exim-users
Asunto: Re: [Exim] disabling sender verification for one domain
--
On Sat Aug 23, 2003 at 05:45:36PM -0700, Keith Goettert wrote:

> Have you tried adding linsec.vx to exim's "domainlist local_domains"
> setting?


Yup. Doesn't make a difference. Using -bh, if I do:

MAIL FROM:<root@???>
RCPT TO:<vdanen@???>

I end up with:

550-Verification failed for <root@???>
550-Unrouteable address
550 Sender verify failed

And that's with having it in /etc/exim/localdomains (domainlist
local_domains = /etc/exim/localdomains) and not having it in there (either
way).

It's the "require verify = sender" that is causing the problem, I'm sure of
it.

> This is probably a dumb question but it has me stumped.
>
> exim is happily bouncing mails from my internal LAN which have a
> nonexistant domain of "linsec.vx", so mail from root@???
> is bouncing because it can't do a sender verify. I like having the
> sender verify there but want to exclude @.*linsec.vx from the domains
> that get the verify. In other words, I'd like to arbitrarily skip
> sender verify on .*linsec.vx, but keep it for everything else.
>
> I've been mucking around all day with exim working on ACLs and all kinds
> of other fun stuff and have managed to work my way through everything
> except this. I really don't know where or what to put. I know it needs
> to go in acl_check_rcpt and most likely in the first stanza:
>
> accept hosts = :
> deny   local_parts = ^.*[@%/|] : ^\\.
> accept local_parts = postmaster
>        domains - +local_domains
> require verify = sender

>
> I don't see any options with sender that can be used like this (like
> sender:!.*.linsec.vx or something).
>
> Is this even possible to accomplish? I would suspect so with the
> remarkable things exim can do, but this one has me really stumped and I
> suspect it's because (although I'm understanding them more and more)
> ACLs are still a little complicated to me.
>
> Thanks for any pointers.


--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}

--
[ Content of type application/pgp-signature deleted ]
--