> accept domains = +local_domains
> endpass
> message = unknown user
> verify = recipient
> accept domains = +relay_to_domains
> endpass
> message = unrouteable address
> verify = recipient
With statements like that, the order doesn't matter since if it's not a
local domain, it just passes to check if it's a relay domain. I was
thinking that maybe you had an unconditional recipient verification
statement for everything before an accept for +relay_to_domains.
It seems that your problem is more your recipient verification. If you *do*
want to verify the recipient, then you must make sure that there is a router
which can properly verify that account. If you do and its just that
sometimes it isn't up to date, or that it's unable to verify from time to
time, then your problem may in fact be that ANOTHER router is actually
verifying the address when it shouldn't be.
You should make sure that all your routers have a "domains = " condition to
them so that they only verify accounts they know about. It seems (now with
more info) that you have a router that is verifying based on just the local
part, ignoring the domain portion completely. Fix that router up (you can
run exim -bd -d and then send an email to steve@??? and see which router
validates the address) and your problem should go away :)
Eli.
-----Original Message-----
From: exim-users-admin@??? [
mailto:exim-users-admin@exim.org] On Behalf
Of Stephen Gran
Sent: Thursday, January 29, 2004 6:30 AM
To: 'exim-users'
Subject: Re: [Exim] Problem with routing messages
On Thu, Jan 29, 2004 at 01:46:15AM -0500, Eli said:
> Your problem with failing to relay for foo.com and instead assume it's
local
> sounds not to be a problem with your relay router, but with your ACL
> statements.
>
> It sounds as if you have a verify = recipient BEFORE you accept for
> +relay_to_domains... Unless I've misinterpreted your problem :)
In fact, I do - smart man. What I have is this:
accept domains = +local_domains
endpass
message = unknown user
verify = recipient
accept domains = +relay_to_domains
endpass
message = unrouteable address
verify = recipient
Verifying recipient is trivial for the relay_to_domains, so I don't need
to do callouts. Should I switch the ordering of these statements, do
you think? That seems the easiest.
> Also, I don't believe you should be using "verify_recipient" (or any
> verification for that matter) for your relay router - it *should* be up to
> that remote final destination to dictate which accounts are valid and
which
> are not.
Ordinarily, full ACK. On this box, I don't have the fastest link speed,
however, and my goal is to weed unnecessary bandwidth by not accepting
messages unnecessarily. The domains I am backup MX'ing are all small,
vanity-type domains with a stable userbase.
Thanks,
--
--------------------------------------------------------------------------
| Stephen Gran | If entropy is increasing, where is it |
| steve@??? | coming from? |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
--
## List details at
http://www.exim.org/mailman/listinfo/exim-users Exim
details at
http://www.exim.org/ ##
