Re: [Exim] Temporary defer on callouts

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MBill Moseley at <-
MDavid Woodhouse at ->
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Bill Moseley
CC: Exim users list
Subject: Re: [Exim] Temporary defer on callouts
On Sun, 2004-02-01 at 07:45 -0800, Bill Moseley wrote:
> Right. Also I found that without the recipient callouts I ended up with
> lots of frozen messages on the backup MX.

Messages claiming to be _from_ invalid users at your domain, and also
_to_ invalid users. You have to trust it and accept both, and then it
turns out to be unbouncable.

I keep meaning to play with something that'll catch this and give a
temporary failure in that case -- something along the lines of... 

  defer    sender_domains = +dns_virtual_domains : +relay_domains
       domains    = +dns_virtual_domains : +relay_domains
       !verify    = recipient/callout=20s,random
       !verify    = sender/callout=20s,random
       message    = Target domain temporarily unavailable; cannot verify addresses


... just after the existing ACL clause which does recipient verification
for +relay_domains and +dns_virtual_domains (but _not_ for
+mailman_domains, as discussed).

> > But recipient verification callouts are done with a null sender, so
> > caused my backup MX to refuse to accept mail for the lists :)
>
> Good point.
>
> With respect to Mailman, I prefer lists to limit posting to subscribers
> and for non-member posts not to be kept for list owner approval. (I
> know that's a policy issue that not all agree with.) So, it would be
> nice to check for not only valid list, but valid subscriber at SMTP time
> (and use the envelope sender instead of From: header). Perhaps the
> "find_member" Mailman tool could be used for this.

Maybe. This won't work because I think it needs to run as mailman. It's
not wonderfully efficient either. Might give you a start though... 

list_reject_nonmembers:
    user = mailman # This isn't correct.
    driver = redirect
    require_files = MAILMAN_HOME/lists/${lc::$local_part}/config.db
    # Only if this list is set for member-posting only...
    condition = ${if eq{ \
        {${run {sh -c "/var/mailman/bin/dumpdb MAILMAN_HOME/lists/${lc::$local_part}/config.db | egrep member_posting_only.*0"}{}}$runrc} \
        {0}
        {yes}}
    # ... and only if this member isn't present in this list.
    condition = ${if eq{ \
        {${run {sh -c "/var/mailman/bin/find_member -l '${lc:$local_part}' $sender_address | grep 'found in'"}{}}$runrc} \
        {0}
        {no}{yes}}
    allow_fail
    data = :fail: You $sender_address are not a member of the ${lc::$local_part} list.


--
dwmw2




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] MyDoom filtering?[Exim] using director with LDAP->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)