Re: [Exim] Matching bounce recipients against sender hashes …

Author: Tor Slettnes
To: Exim Users Mailing List
Old-Topics: Re: [Exim] Matching bounce recipients against sender hashes
Subject: Re: [Exim] Matching bounce recipients against sender hashes -- solved!
I got this setup working now. Thanks to Tony Finch, Christian Balzer,
and Dennis Davis for steering me in the right direction!

I abandoned the idea of creating a unique envelope-from for each
outgoing message; it conflicts with most greylisting implementations.

Instead, I set "return_path" to:
    <sender>=<receiver>=<receiver.domain>=<hmac/md5 signature>@<sender.domain>


For instance:
    tor=exim-users=exim.org=c4e8175bf517c0a772ae9cd7c3271ac2@???


This, although signed, stays constant for each sender/receiver pair,
and so works well with greylisting.


Some config snippets:

ACL:

  acl_check_rcpt:
        .....


     # If there is no sender address, deny recipient addresses that
     # do not match envelope sender addresses previously generated here.
     #
     deny
       message     = You must provide a sender address unless you are \
                     returning mail that was previously sent from here. \
                     This recipient address lacks the cryptographic signature \
                     we use in the envelope sender address of outgoing mail. \n\
                     You are responding to a faked sender address.
       senders     = :
       domains     = +local_domains
       condition   = ${if and {{match{$local_part}{^(.*)=.*}}\
                               {eq{$local_part}{$1=${hmac{md5}{SECRET}{$1}}}}}\
                          {false}{true}}




Routers:

  smarthost_hash:
    debug_print              = "R: smarthost_hash for $local_part@$domain"
    driver                   = manualroute
    domains                  = ! +local_domains : !+relay_to_domains
    transport                = remote_smtp_hash
    route_list               = * DCsmarthost
    host_find_failed         = defer
    same_domain_copy_routing = yes
    no_more



  hashed_local:
    debug_print       = "R: hashed_local for $local_part@$domain"
    driver            = redirect
    domains           = +local_domains
    local_part_suffix = =*
    data              = $local_part@$domain



Transports:

  remote_smtp_hash:
    debug_print    = "T: remote_smtp_hash for $local_part@$domain"
    driver         = smtp
    return_path    = ${local_part:$sender_address}=$local_part=$domain=\
                     ${hmac{md5}{SECRET}\
                           {${local_part:$sender_address}=$local_part=$domain}}\
                     @$qualify_domain




Exim is smart enough to figger that the use of $local_part and $domain
in the transport means that no batching will be done. Thus, the
envelope-from address is unique for each recipient that receives the
message.

-tor
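
The signing and checking scheme from the post above, reproduced in Python so it can be run offline (an added example, not part of the original message). The secret, the `example.net` addresses and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: constructed value standing in for the SECRET macro in the config.
SECRET = b"constructed-demo-secret"


def sign(text: str, secret: bytes = SECRET) -> str:
    """HMAC-MD5 as lowercase hex, the form ${hmac{md5}{SECRET}{text}} expands to."""
    return hmac.new(secret, text.encode(), hashlib.md5).hexdigest()


def make_return_path(sender: str, rcpt: str, qualify_domain: str) -> str:
    """Mirror the transport's return_path: sender=rcpt=rcpt.domain=sig@domain."""
    sender_local = sender.rsplit("@", 1)[0]
    rcpt_local, rcpt_domain = rcpt.rsplit("@", 1)
    prefix = f"{sender_local}={rcpt_local}={rcpt_domain}"
    return f"{prefix}={sign(prefix)}@{qualify_domain}"


def bounce_rcpt_ok(local_part: str, secret: bytes = SECRET) -> bool:
    """Mirror the ACL test. ^(.*)=.* is greedy, so $1 ends at the last '='."""
    prefix, sep, tag = local_part.rpartition("=")
    if not sep:
        return False  # no '=' at all: match{} fails and the ACL denies
    # Constant-time comparison of the presented tag with the recomputed one.
    return hmac.compare_digest(tag.encode(), sign(prefix, secret).encode())


if __name__ == "__main__":
    # Constructed sample addresses.
    rp = make_return_path("tor@example.net", "exim-users@exim.org", "example.net")
    local = rp.rsplit("@", 1)[0]
    print(rp)
    print("genuine bounce accepted:", bounce_rcpt_ok(local))
    print("forged tag accepted:   ", bounce_rcpt_ok("tor=exim-users=exim.org=" + "0" * 32))
    print("unsigned local part:   ", bounce_rcpt_ok("tor"))
```

Because the signed text contains only the sender and recipient, repeated calls for the same pair return the same address, which is the property that keeps greylisting working.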