On Wed, Jun 23, 2004 at 01:35:02AM -0400, Eli said:
> I have possibly a weird wishlist item - the ability to specify a server that
> a verification callout is sent to.
>
> What I mean by this is rather than have Exim do a DNS lookup, get the MX
> record, then connect and try to do a sender/recip verification callout, I'd
> like to just specify a single host/IP that would be used for the check.
>
> The reason for this is to have Exim as a front end to a backend mail server,
> but Exim won't have any knowledge of the userbase, so I want to do a callout
> to the backend system to verify if the user account exists or not. I know
> it's not the best of set ups, but maybe this may even have other uses better
> than this scenario?
>
> Just wondering if it's even worth requesting, or if there are too many
> issues that could arise from having such an ability?

We do this at one of the ISPs we service. We have multiple front-end
machines that receive mail, and then deliver to the pop machine behind
them. We do this:

    domainlist relay_to_domains = lsearch;CONFDIR/mailertable

Where that file is of the form:

    example.com: mail.example.com
    example.net: mail.example.com
    example.org: mail.example.com
    mail.example.com: mail.example.com
    mail.example.net: mail.example.com
    mail.example.org: mail.example.com

In the rcpt acl:

    accept  domains = +relay_to_domains
            endpass
            message = unrouteable address
            verify = recipient/callout=30s,defer_ok,no_cache,use_sender

first router:

    relay_manualroute:
      driver = manualroute
      domains = +relay_to_domains
      transport = remote_smtp
      route_data = ${lookup{$domain}lsearch{CONFDIR/mailertable}}

and retry times:

    example.com * F,6h,5m; G,16h,30m,1.5; F,6d,6h

The above does a pretty good job. If the backend pop server's load goes
too high, it will occasionally start rejecting connections, which is why
we use defer_ok and the 5 minute queue time. We also start exim with
-q5m to help this. The no_cache and use_sender are there so that the
backend machine can maintain per-user blacklists and so forth, and exim
doesn't get confused by mary@??? rejecting mail from
foo@???, but accepting everything else. We have seen that make exim
think mary@??? doesn't exist, so we went to the no_cache
solution - slightly more network traffic, but less overall headache.
HTH,
--
--------------------------------------------------------------------------
| Stephen Gran | BOFH excuse #286: Telecommunications |
| steve@??? | is downgrading. |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
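
The caching problem described in the message above, as an added example (not part of the original post and not Exim code): a simplified model in which the front end caches callout results by recipient address only, while the backend applies per-user sender blacklists. The addresses and the names `backend_rcpt`, `FrontEnd`, `run` and `TRAFFIC` are constructed for illustration, and the recipient-only cache key is an assumption of the model.

```python
# Simplified model of a front end doing recipient callouts to a backend
# that keeps per-user sender blacklists. All data below is constructed.

BACKEND_USERS = {"mary@example.com", "bob@example.com"}
BLACKLISTS = {"mary@example.com": {"foo@example.net"}}  # mary blocks foo

def backend_rcpt(sender, rcpt):
    """SMTP reply code the backend gives to MAIL FROM:<sender>, RCPT TO:<rcpt>."""
    if rcpt not in BACKEND_USERS:
        return 550                      # no such mailbox
    if sender in BLACKLISTS.get(rcpt, ()):
        return 550                      # mailbox exists, but this sender is blocked
    return 250

class FrontEnd:
    """Front end that verifies recipients by callout, passing the real sender."""
    def __init__(self, cache):
        self.cache_enabled = cache      # False models no_cache
        self.cache = {}                 # assumption: keyed on recipient only
        self.callouts = 0               # number of backend connections made

    def verify(self, sender, rcpt):
        if self.cache_enabled and rcpt in self.cache:
            return self.cache[rcpt]     # reuse an earlier verdict, whoever sent it
        self.callouts += 1
        ok = backend_rcpt(sender, rcpt) == 250
        if self.cache_enabled:
            self.cache[rcpt] = ok
        return ok

def run(front_end, traffic):
    """Return the accept/reject decision for each (sender, recipient) pair."""
    return [front_end.verify(s, r) for s, r in traffic]

TRAFFIC = [
    ("foo@example.net", "mary@example.com"),      # blocked by mary's blacklist
    ("alice@example.org", "mary@example.com"),    # legitimate, should be accepted
    ("alice@example.org", "mary@example.com"),
    ("alice@example.org", "nobody@example.com"),  # mailbox does not exist
]

if __name__ == "__main__":
    for cache in (True, False):
        fe = FrontEnd(cache=cache)
        print("cache" if cache else "no_cache", run(fe, TRAFFIC), fe.callouts)
```

With the cache on, the rejection of the first sender is replayed against every later sender to the same mailbox; with it off, each message costs one callout but gets the backend's actual per-sender answer.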