Hi!
I've got a problem with user verification:
Message 1BfcAu-0003wt-UD has been frozen (delivery error message).
The sender is <>.
The following address(es) have yet to be delivered:
ooxvjpchxb@??? <ooxvjpchxb@???>: LMTP error after RCPT
TO:<ooxvjpchxb@???>: 550-Mailbox unknown. Either there is
no mailbox associated with this\n550-name or you do not have
authorization to see it.\n550 5.1.1 User unknown
Is the message I've got.
The ACL is appended as a txt attachment to this post.
Why doesn't Exim reject that mail?
I use Debian unstable and exim4-daemon-heavy 4.30-8 with sa-exim 4.0-2.
Cya & Thx
Lars
--
-----------------------------------------------------------------
Technische Universität Braunschweig, Institut für Computergraphik
Tel.: +49 531 391-2109 E-Mail: schimmer@???
PGP-Key-ID: 0xB87A0E03
--
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
acl_check_rcpt:

  # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
  # testing for an empty sending host field.
  accept  hosts = :

  # Deny if the local part contains @ or % or / or | or !. These are rarely
  # found in genuine local parts, but are often tried by people looking to
  # circumvent relaying restrictions.
  #
  # Also deny if the local part starts with a dot. Empty components aren't
  # strictly legal in RFC 2822, but Exim allows them because this is common.
  # However, actually starting with a dot may cause trouble if the local part
  # is used as a file name (e.g. for a mailing list).
  #
  deny    domains = +local_domains
          local_parts = ^.*[@%!/|] : ^\\.

  deny    domains = !+local_domains
          local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  # Accept mail to postmaster in any local domain, regardless of the source,
  # and without verifying the sender.
  #
  accept  local_parts = postmaster
          domains = +local_domains

  # Blacklist entry: http://ordb.org/faq/#usage, Spamhaus & rfc-ignorant
  # NOTE: the last dnslists item below is an HTTP URL rather than a DNS zone,
  # and the colon in it also acts as a list separator, so it cannot work as
  # a DNS list entry.
  deny    message = Host is listed in $dnslist_domain Blacklist
          log_message = deny by $dnslist_domain : Message rejected from $sender_host_address
          dnslists = relays.ordb.org:sbl.spamhaus.org:dsn.rfc-ignorant.org/$sender_address_domain :\
                     postmaster.rfc-ignorant.org/$sender_address_domain:\
                     http://www.heise.de/ix/nixspam/nixspam.blackmatches

  warn    message = X-SA-Do-Not-Rej: Yes
          local_parts = postmaster:abuse

  warn    message = X-SA-Do-Not-Run: Yes
          hosts = +relay_from_hosts

  warn    message = X-SA-Do-Not-Run: Yes
          authenticated = *

  # Be polite and say HELO. Reject anything from hosts that haven't given
  # a valid HELO/EHLO to us.
  deny    condition = ${if or{{!def:sender_helo_name}{eq{$sender_helo_name}{}}}{yes}{no}}
          message = RFCs mandate HELO/EHLO before mail can be sent

  # Forged hostname - HELOs as my own hostname or domain
  deny    message = Forged hostname detected in HELO: $sender_helo_name
          hosts = !+relay_from_hosts
          log_message = Forged hostname detected in HELO: $sender_helo_name
          condition = ${lookup {$sender_helo_name} lsearch{CONFDIR/local_domains}{yes}{no}}

  # Forged hostname - HELOs as one of my own IPs
  deny    message = Forged IP detected in HELO: $sender_helo_name
          hosts = !+relay_from_hosts
          log_message = Forged IP detected in HELO: $sender_helo_name
          condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}

  # Deny unless the sender address can be verified.
  #
  # This is disabled by default so that DNSless systems don't break. If
  # your system can do DNS lookups without delay or cost, you might want
  # to enable the following line.
  deny    !acl = acl_whitelist_local_deny
          !verify = sender

  # Warn if the sender host does not have valid reverse DNS.
  #
  # This is disabled by default so that DNSless systems don't break. If
  # your system can do DNS lookups without delay or cost, you might want
  # to enable the following lines.
  deny    message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
          !verify = reverse_host_lookup

  # deny bad senders (envelope sender)
  # CONFDIR/local_sender_blacklist holds a list of envelope senders that
  # should have their access denied to the local host. Incoming messages
  # with one of these senders are rejected at RCPT time.
  #
  # The explicit white lists are honored as well as negative items in
  # the black list. See /usr/share/doc/exim4-config/default_acl for details.
  deny    message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
          !acl = acl_whitelist_local_deny
          senders = ${if exists{CONFDIR/local_sender_blacklist}\
                    {CONFDIR/local_sender_blacklist}\
                    {}}

  # deny bad sites (IP address)
  # CONFDIR/local_host_blacklist holds a list of host names, IP addresses
  # and networks (CIDR notation) that should have their access denied to
  # the local host. Messages coming in from a listed host will have all
  # RCPT statements rejected.
  #
  # The explicit white lists are honored as well as negative items in
  # the black list. See /usr/share/doc/exim4-config/default_acl for details.
  #deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
  # !acl = acl_whitelist_local_deny
  # hosts = ${if exists{CONFDIR/local_host_blacklist}\
  # {CONFDIR/local_host_blacklist}\
  # {}}
  #
  # local_host_blacklist, slightly extended
  # see http://jez.hancock-family.com/index.php?/archives/80_New_Blacklist_Exim_Configuration.html#extended
  #
  deny    message = You have been blacklisted on this server.\n\n \
                    If you feel this is an error, please mail <postmaster@???>.
          log_message = deny_by_local_blacklist: Message rejected from $sender_host_address
          !acl = acl_whitelist_local_deny
          senders = @@lsearch*;/CONFDIR/local_host_blacklist2

  # Accept bounces to lists even if callbacks or other checks would fail
  # Needed when the verify = sender/callout function is used
  # warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
  # condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}}
  # {exists {MAILMAN_HOME/lists/$1/config.pck}}} \
  # {yes}{no}}
  # {yes}{no}}
  # accept condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}}
  # {exists {MAILMAN_HOME/lists/$1/config.pck}}} \
  # {yes}{no}}
  # {yes}{no}}

  # Now, check sender address with SMTP callback.
  # Commented out, as it does not really work everywhere!
  # deny !verify = sender/callout=90s

  #############################################################################
  # There are no checks on DNS "black" lists because the domains that contain
  # these lists are changing all the time. You can find examples of
  # how to use dnslists in /usr/share/doc/exim4-config/examples/acl
  #############################################################################

  # Accept if the address is in a local domain, but only if the recipient can
  # be verified. Otherwise deny. The "endpass" line is the border between
  # passing on to the next ACL statement (if tests above it fail) or denying
  # access (if tests below it fail).
  #
  accept  domains = +local_domains
          message = user ist dagt
          endpass
          message = unknown user
          verify = recipient/callout

  # Accept if the address is in a domain for which we are relaying, but again,
  # only if the recipient can be verified.
  #
  accept  domains = +relay_to_domains
          endpass
          message = unrouteable address
          verify = recipient/callout

  # If control reaches this point, the domain is neither in +local_domains
  # nor in +relay_to_domains.

  # Accept if the message comes from one of the hosts for which we are an
  # outgoing relay. Recipient verification is omitted here, because in many
  # cases the clients are dumb MUAs that don't cope well with SMTP error
  # responses. If you are actually relaying out from MTAs, you should probably
  # add recipient verification here.
  #
  accept  hosts = +relay_from_hosts

  # Accept if the message arrived over an authenticated connection, from
  # any host. Again, these messages are usually from MUAs, so recipient
  # verification is omitted.
  #
  accept  authenticated = *

  # Reaching the end of the ACL causes a "deny", but we might as well give
  # an explicit message.
  #
  deny    message = relay not permitted
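
The accept/endpass rule described in the ACL comments above, modelled in Python as an added example (not part of the original post and not Exim's own code). The domain example.org and the verify_recipient flag are assumptions: the flag stands in for whatever `verify = recipient/callout` returns, which depends on routers the post does not show.

```python
# Added illustration, not part of the posted configuration.
# Domains are constructed; "verify_recipient" is an assumed stand-in for the
# outcome of `verify = recipient/callout` at RCPT time.

ACCEPT, DENY, PASS = "accept", "deny", "pass"


def run_accept(statement, ctx):
    """Evaluate one `accept` statement against a RCPT context.

    statement is an ordered list of ("cond", fn), ("message", text) and
    ("endpass",) items. A condition that fails before endpass hands control
    to the next ACL statement; one that fails after endpass denies, using
    the most recent message modifier seen so far.
    """
    past_endpass = False
    message = None
    for item in statement:
        kind = item[0]
        if kind == "endpass":
            past_endpass = True
        elif kind == "message":
            message = item[1]          # a later modifier replaces an earlier one
        elif not item[1](ctx):
            return (DENY, message) if past_endpass else (PASS, None)
    return (ACCEPT, None)


LOCAL_DOMAINS = {"example.org"}        # constructed stand-in for +local_domains

# The local-domain stanza from the posted ACL, item by item and in order.
LOCAL_STANZA = [
    ("cond", lambda c: c["domain"] in LOCAL_DOMAINS),   # domains = +local_domains
    ("message", "user ist dagt"),
    ("endpass",),
    ("message", "unknown user"),
    ("cond", lambda c: c["verify_recipient"]),          # verify = recipient/callout
]


def rcpt(domain, verify_recipient):
    """Run the stanza for one recipient domain and one verification outcome."""
    ctx = {"domain": domain, "verify_recipient": verify_recipient}
    return run_accept(LOCAL_STANZA, ctx)


if __name__ == "__main__":
    for case in [("example.org", True), ("example.org", False), ("elsewhere.test", False)]:
        print(case, "->", rcpt(*case))
```

The stanza accepts whenever verification reports success at RCPT time; it never consults the mailbox store itself.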