Re: [Exim] relay_domains and verify = recipient

Top Page
Delete this message
Reply to this message
Author: Stephen Gran
Date:  
To: 'exim-users'
Subject: Re: [Exim] relay_domains and verify = recipient
--
On Tue, Oct 21, 2003 at 10:20:11AM -0400, Stephen Gran said:
> --
> On Tue, Oct 21, 2003 at 03:54:46PM +1000, exim@??? said:
> > exim-users-admin@??? wrote:
> > > What I want to do is something that is not precisely kosher, but bear
> > > with me.
> > [snip]
> > > relay_domains = dsearch {CONFDIR/relay-domains/}
> > > acceptable_users = lsearch {CONFIR/relay-domains/$domain} [snip]
>
> I have a manualroute for delivery to the domain I want to do recipient
> verification for, and it's uucp, so adding another for callout may mess
> with that - at least that's how I understand it.
>
> I have a list of valid users, and it's unlikely to change in the near
> future. Also, I am not sure that the real MX MTA is up 24/7, at least
> since I've started receiving all of their mail. If a callout fails
> because his host is offline, then I will bounce legitimate mail, and I
> don't want to do that.
>
> If I could just figure out the syntax for an acl that looks over the
> file, I'd be extremely happy.


I finally figured it out, but it looks like a crude hack to me. I am
posting it here both for comments (I wouldn't mind a better system) and
so other peple have a starting point.

acl_check_rcpt:

accept domains = +relay_to_domains
endpass
message = unrouteable address
verify = recipient

relevant routers:

uucphost:
transport = uucp
driver = manualroute
route_data = ${lookup{$domain}lsearch{/etc/exim4/uucphosts}}
local_parts = list:of:local:parts

dnslookup_relay_to_domains:
driver = dnslookup
domains = ! +local_domains : ! +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more

lookup:
  driver = dnslookup
  domains = ! +local_domains : ! +relay_to_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  # ignore private rfc1918 and APIPA addresses
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
  no_more


uucp transport:

uucp:
  driver = pipe
  user = nobody
  command = /usr/bin/uux -r - \
    ${substr_-5:$host}!rmail ${local_part}
  return_fail_output = true


I didn't manage to achieve quite what I wanted - lsearching the file
always returned "" for some reason (maybe I just never figured out the
right format for the file), so I had to manually specify a list of
addresses. Also note that i had to remove relay_to_domains from the
dns routers, so that they would also pass on the domain. This is not
perfect, as any other relay domains I add will now have to get their own
special router, and not get to use the regular dns one.

It does, however, stop mail to a bad address in the relay domain at the
rcpt to: stage, meaning I don't have to spam or virus scan it. This was
the main goal, so I am at least getting something back for it.

Hope that helps somebody, and maybe someone can suggest a more elegant
solution.
--
--------------------------------------------------------------------------
|  Stephen Gran                  | When people say nothing, they don't     |
|  steve@???             | necessarily mean nothing.               |
|  http://www.lobefin.net/~steve |                                         |

--------------------------------------------------------------------------
--
Content-Description: Digital signature

[ signature.asc of type application/pgp-signature deleted ]
--