On Tue, Jun 22, 2004 at 02:19:58PM +0200, Wouter Verhelst said:
> --
> Hi,
>
> I have two servers, both running Exim, that should both handle some
> addresses from a single domain; i.e., foo@domain is handled by one of
> the servers, while bar@domain is handled by the other. By fiddling with
> transports and routers in a non-active configuration file, I have been
> able to configure this; I have a set of routers that will deliver mail
> locally if it is a local address, but will route it to the other host if
> it is not. So far, so good.
>
> What I'd like to see, though, is that recipient verification would also
> work. I was thinking of doing this by using callout verification, but
> there is a problem:
>
> If one of the servers receives an RCPT for a local part that does not
> exist on either server, it will run an SMTP session to the other host,
> as described in the documentation for the callout verification. Since
> this looks like a normal SMTP session, it will get through the same ACL
> as any other connection; thus, the other server, which also sees that
> there is no local delivery possible, will perform a callout to the first
> server. There is a loop here.
>
> My first idea was to add a 'hosts=' option to the ACL that does the
> callout to avoid the loop that way, but that can't work; that hosts
> option will then apply to /all/ connections from the other system, which
> will in turn result in the systems refusing legitimate mail if the mail
> was offered to the 'wrong' system.
>
> This is not what I want it to do. What's necessary is that the callout
> should only be performed if the connection we're dealing with does /not/
> originate from the system we would perform a callout to in the first
> place. I've been searching in the documentation for an option to
> accomplish this, but either I've missed something, or this isn't
> possible... any hints?
I guess you could mark the real routers with no_verify, and set up a
second set of routers with the hosts condition that is marked
verify_only. This would allow you to split the verification from the
real routing.
Not tested, but I think it will work. Feels a little like a kludge,
though.
--
--------------------------------------------------------------------------
| Stephen Gran | Girls are better looking in snowstorms. |
| steve@??? | -- Archie Goodwin |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
