[snip]
> Well, assuming you can configure Exchange to reject mail for invalid
> accounts at the smtp conversation stage, then you can, if you like,
> avoid ldap altogether and use smtp callout verification. The way this
> works is, when Exim is receiving a message, it checks each recipient
> with the machine that it will ultimately deliver the message to. If the
> destination machine rejects the message, Exim rejects it.
>
> Now, if you can't configure Exchange to do that, read no further.
> According to a recent thread in this list, Exchange 2003 can do it quite
> easily while (iirc) Exchange 2000 can be persuaded with a bit of
> kicking. If you manage that, then a config something like this will
> work:
If I get this right, you're saying that I should stop focusing on
"getting exim to check in AD-ldap for the user" and let Exchange do the
trick? I hope that's the last option that I have, since Exchange is IMHO
really a pain in the ass and shouldn't do anything but send meeting
requests and give hackers the feeling that they did something useful...
Anyway, I'll keep that in mind, and figuring out how to realize that with
Exchange shouldn't be that difficult (reinstall servicepack xyz, delete
registry key, drop pants in front of server and insert the installation-cd
while pressing any-key or something like that...)
[snip]
>
> deny  domains = +relay_domains
>      !verify  = recipient/defer_ok/callout=no_cache
>
> What that does is tell Exim to check with the Exchange box for every
> incoming recipient and see if it will be accepted. If not, it rejects
> that recipient. Since only valid recipients are accepted, you don't
> have to worry at the router stage about doing any testing. Anything
> with your main domain address that makes it to the main_domain router is
> kosher.
>
> A few notes:
>
> * the defer_ok means that it should accept mail if it can't
> find the Exchange box to verify.
> * The =nocache option is there just because of a bug in the
> latest version of Exim. If you are using an earlier version
> than 4.31, you don't need it.
> * If your internal mail system becomes any more complex, this
> will need some reworking
> * This example config does no virus checking or any serious spam
> filtering.
> * I have not tested this config
>
> But it does do what you want, with no LDAP lookups.
>
> --
> Bruce
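
The callout check described in the quoted text, modelled as an added Python example (not part of the original thread and not Exim's own code): it probes a destination server up to RCPT TO, then applies the `defer_ok` rule. The stand-in server, the `example.test` addresses and all function names are assumptions made for illustration.

```python
import smtplib, socketserver, threading

VALID = {"alice@example.test"}  # constructed mailbox list for the stand-in server

class FakeInternalServer(socketserver.StreamRequestHandler):
    """Constructed stand-in for the internal server: rejects unknown RCPTs."""
    def handle(self):
        self.wfile.write(b"220 internal.example.test ESMTP\r\n")
        for raw in self.rfile:                     # ends when the client closes
            line = raw.decode("ascii", "replace").strip()
            verb = line.upper()
            reply = b"221 Bye" if verb == "QUIT" else b"250 OK"
            if verb.startswith("RCPT TO:") and line[8:].strip("<> ").lower() not in VALID:
                reply = b"550 5.1.1 User unknown"  # rejected in the SMTP conversation
            self.wfile.write(reply + b"\r\n")

def start_fake_server():
    """Start the stand-in on a free loopback port and return the server object."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeInternalServer)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def callout(host, port, rcpt, timeout=5):
    """Ask the destination host about one recipient: 'ok', 'fail' or 'defer'."""
    try:
        with smtplib.SMTP(host, port, local_hostname="gateway.example.test",
                          timeout=timeout) as s:
            s.helo()
            s.mail("")                 # null sender <>
            code, _ = s.rcpt(rcpt)     # stop here: no DATA is ever sent
    except (OSError, smtplib.SMTPException):
        return "defer"                 # host unreachable or conversation broke
    if 200 <= code < 300:
        return "ok"
    return "fail" if code >= 500 else "defer"

def acl_verdict(result, defer_ok=True):
    """Model of `deny !verify = recipient[/defer_ok]/callout` for one RCPT."""
    if result == "fail":
        return "deny"                  # permanent rejection passed to the sender
    if result == "defer" and not defer_ok:
        return "defer"                 # temporary error, sender retries later
    return "pass"                      # deny does not fire; later ACL lines decide

if __name__ == "__main__":
    srv = start_fake_server()
    for r in ("alice@example.test", "nobody@example.test"):
        print(r, acl_verdict(callout("127.0.0.1", srv.server_address[1], r)))
```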