[Exim] Using ACLs to verify RCPT TO

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: ISP List
Dátum:  
Címzett: exim-users
Tárgy: [Exim] Using ACLs to verify RCPT TO
Hi all,

We're running MailScanner on several load-balanced inbound SMTP / MX
handling machines running exim 4.x as the MTA. These machines do a MySQL
lookup to verify the "allowed relay" domains for each message, and then we
use a SMTP "smart route" to send all scanned mail to the final destination
mail server (which is also determined by a SQL lookup).

The problem with this approach is that we cannot generate "550 user
unknown" errors during the SMTP negotiation phase because the exim boxes
don't have any local accounts, so they don't know if the address exists or
not. This results in the "accept and bounce" behavior for non-existent
mailboxes, which then results in a *large* number of bounce messages being
sent to hotmail, yahoo, msn and others due to spammers forging the From:
address (which then results in them tarpitting our SMTP connections). I'd
rather not use the (potentially expensive) recipient/callout SMTP function.

So, what I would like exim to do is to be able to do a LDAP or SQL lookup
during the SMTP negotiation phase (following the RCPT TO) to determine if
the recipient address is valid or not. Based on my research, using exim
4.x's ACL facility seems to be the best approach, but I'm a little unclear
on the proper syntax as the manual does not give any examples when using
LDAP or SQL. Should I be using the "recipients = <address list>"
condition, or make up a custom "condition = " of my own?

Any pointers would be much appreciated.


---------------------------------------
Mike Bacher / mike@???
SparkLogic Development / ISP Consulting
Use OptiGold ISP? Check out OptiSkin!
http://www.sparklogic.com/optiskin/
---------------------------------------