On Tue, Oct 21, 2003 at 10:20:11AM -0400, Stephen Gran said:
> --
> On Tue, Oct 21, 2003 at 03:54:46PM +1000, exim@??? said:
> > exim-users-admin@??? wrote:
> > > What I want to do is something that is not precisely kosher, but bear
> > > with me.
> > [snip]
> > > relay_domains = dsearch {CONFDIR/relay-domains/}
> > > acceptable_users = lsearch {CONFIR/relay-domains/$domain} [snip]
>
> I have a manualroute for delivery to the domain I want to do recipient
> verification for, and it's uucp, so adding another for callout may mess
> with that - at least that's how I understand it.
>
> I have a list of valid users, and it's unlikely to change in the near
> future. Also, I am not sure that the real MX MTA is up 24/7, at least
> since I've started receiving all of their mail. If a callout fails
> because his host is offline, then I will bounce legitimate mail, and I
> don't want to do that.
>
> If I could just figure out the syntax for an acl that looks over the
> file, I'd be extremely happy.

I finally figured it out, but it looks like a crude hack to me. I am
posting it here both for comments (I wouldn't mind a better system) and
so other people have a starting point.

acl_check_rcpt:

  accept  domains = +relay_to_domains
          endpass
          message = unrouteable address
          verify = recipient

relevant routers:

uucphost:
  transport = uucp
  driver = manualroute
  route_data = ${lookup{$domain}lsearch{/etc/exim4/uucphosts}}
  local_parts = list:of:local:parts

dnslookup_relay_to_domains:
  driver = dnslookup
  domains = ! +local_domains : ! +relay_to_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  no_more

lookup:
  driver = dnslookup
  domains = ! +local_domains : ! +relay_to_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  # ignore private rfc1918 and APIPA addresses
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
  no_more

uucp transport:

uucp:
  driver = pipe
  user = nobody
  command = /usr/bin/uux -r - \
            ${substr_-5:$host}!rmail ${local_part}
  return_fail_output = true

I didn't manage to achieve quite what I wanted - lsearching the file
always returned "" for some reason (maybe I just never figured out the
right format for the file), so I had to manually specify a list of
addresses. Also note that I had to remove relay_to_domains from the
dns routers, so that they would also pass on the domain. This is not
perfect, as any other relay domains I add will now have to get their own
special router, and not get to use the regular dns one.

It does, however, stop mail to a bad address in the relay domain at the
rcpt to: stage, meaning I don't have to spam or virus scan it. This was
the main goal, so I am at least getting something back for it.

Hope that helps somebody, and maybe someone can suggest a more elegant
solution.
--
--------------------------------------------------------------------------
| Stephen Gran | When people say nothing, they don't |
| steve@??? | necessarily mean nothing. |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
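
An added example, not part of the original post: one way to take the valid local parts for the relay domain from a per-domain file instead of the inline list on the uucphost router. The directory /etc/exim4/relay-users, the domain example.org and the sample local parts are assumptions; the remaining options are the ones from the post.

```exim
# Constructed sample file: /etc/exim4/relay-users/example.org
# One local part per line. In a list, "lsearch;" only tests whether the
# key is present, so no data is needed after the key.
#
#   alice
#   bob
#   postmaster

uucphost:
  driver = manualroute
  # dsearch succeeds when a file named after the domain exists in the
  # directory; the matching entry name is then available as $domain_data,
  # which is the name found on disk rather than the raw value taken from
  # the SMTP RCPT command.
  domains = dsearch;/etc/exim4/relay-users
  # The router is skipped unless the local part is a key in that file, so
  # "verify = recipient" in acl_check_rcpt fails for unknown users once no
  # later router accepts the address either.
  local_parts = lsearch;/etc/exim4/relay-users/$domain_data
  route_data = ${lookup{$domain}lsearch{/etc/exim4/uucphosts}}
  transport = uucp
```

Adding a user is then a one-line change to the file, and another relay domain needs only its own file in the same directory plus an entry in /etc/exim4/uucphosts.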