RE: [Exim] Queue processing optimization

Author: Hochstrasser Benedikt
Date:  
To: exim-users
Subject: RE: [Exim] Queue processing optimization
Christian Hertel wrote:

>>>

If a mail to a domain we relay for could not be delivered to its final
destination because of a '554 User unknown' error, we generate the
bounce message. But if the original sender address was faked and our
bounce message could also not be delivered because of a '554 User
unknown' error, why does exim not discard this bounce immediately, and
instead hold it in the queue? A 5xx is a permanent error so why does exim
think this mail could be delivered sometimes again?
<<<

At what point do you get the bounce error? Does the remote server refuse
it at RCPT or does it send a "bounce bounced" message later? Depending
on the case you may want to inspect the injected headers and discard
depending on your findings.

I always had problems with bounce messages and ended up not bouncing at
all (in case of non-existing sender and recipient user the mail systems
often hot-potato the bounce messages between each other).
I implemented a recipient lookup at RCPT time and refuse unknown
recipients right on the doorstep. This of course requires knowledge
about the user base on the relayed-to domains. We solved that by
generating a flat recipient list every night via one or more LDAP
queries against the relayed-to domains. Of course if you cater for
250 000 users this may be sub-optimal...

Speaking of exim configuration, is there any "hardening exim"
documentation/suggestions etc. available? (Like refusing HELOs with
H=(ipaddr) which doesn't correspond to the 'real' IP etc.)

Oh, last but not least: Exim rocks. Sez our true-blue MS Exchange
Administrator... :)
Many thanks to all developers and contributors!

--
Ben
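
The nightly flat-list step described in the message above, as an added example (not part of the original post, and not Exim's or the author's code): it parses `ldapsearch`-style LDIF and refuses to replace the list when it shrank sharply, so a failed LDAP query cannot cause valid recipients to be refused at RCPT time. The attribute names `mail` and `proxyAddresses`, the sample data, the 50% threshold and the function names are assumptions.

```python
import base64, os, re, tempfile

# Constructed ldapsearch-style LDIF; attribute names and addresses are assumptions.
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=example,DC=com
mail: Alice@Example.com
proxyAddresses: SMTP:alice@example.com
proxyAddresses: smtp:a.smith@example.com
proxyAddresses: X400:c=US;a= ;p=Example

dn: CN=Bob,OU=Staff,DC=example,DC=com
mail:: Ym9iQGV4YW1wbGUuY29t
proxyAddresses: smtp:bob.alias@exam
 ple.com
"""
ADDR_RE = re.compile(r"^[^@\s:]+@[^@\s:]+\.[^@\s:]+$")

def addresses_from_ldif(ldif):
    """Return the set of lower-cased SMTP addresses found in LDIF text."""
    unfolded = re.sub(r"\n ", "", ldif)          # undo LDIF line folding
    found = set()
    for line in unfolded.splitlines():
        m = re.match(r"(mail|proxyAddresses)(::?) *(.*)$", line, re.I)
        if not m:
            continue
        value = m.group(3)
        if m.group(2) == "::":                   # "::" marks a base64 value
            value = base64.b64decode(value).decode("utf-8", "replace")
        if value.lower().startswith("smtp:"):    # proxyAddresses type prefix
            value = value[5:]
        value = value.strip().lower()
        if ADDR_RE.match(value):                 # drops X400 and other non-SMTP
            found.add(value)
    return found

def write_recipient_list(addresses, path, min_ratio=0.5):
    """Atomically replace `path`; return False if the new list looks broken."""
    old = 0
    if os.path.exists(path):
        with open(path) as fh:
            old = sum(1 for line in fh if line.strip())
    if not addresses or len(addresses) < old * min_ratio:
        # Empty or sharply shrunken result: keep the previous list in place.
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.writelines(a + "\n" for a in sorted(addresses))
    os.chmod(tmp, 0o644)                         # readable by the MTA user
    os.replace(tmp, path)                        # readers never see a partial file
    return True
```

The output has one address per line, the key-only form that an Exim `lsearch` lookup can read.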