Auteur: Bruce Kallick Datum: Aan: David Woodhouse, Phil Pennock CC: exim-users Onderwerp: Re: [exim] Exim not sending NMS FormMail messages
On 9/6/04, at 12:58 PM +0100, David Woodhouse wrote:
> On Fri, 2004-09-03 at 17:43 -0500, Bruce Kallick wrote:
>> So it seems that Exim is rejecting the message because it finds no valid
>> senders (even though <postmaster@???> should be a valid sender).
>> Indeed, if I uncheck the box in the WHM Exim Configuration Editor labeled
>> "Verify the existence of email senders" the problem goes away -- but this
>> is too big a price to pay, I believe.
>
> If Exim is verifying the sender by attempting to send a bounce to it,
> then it's entirely reasonable for mail.domain.com to reject it, if
> postmaster@??? doesn't ever actually _send_ any mail. See recent
> discussions on this list though.
>
> I've just tested, though, and the only MX host for 'domain.com' does
> seem to accept bounces to postmaster. So either it's not that, or
> they've changed their behaviour recently. Or did you gratuitously
> obscure the data in the log which you posted, to make it harder for
> people to help you? If so, please don't read any further -- I don't want
> to help you at all.
> Yes, David, I did gratuitously obscure the data in order to protect my
client's privacy. But I did read further. you did help me, and I thank
you for it.
>> I'm guessing that there might be a simple fix by adding some directive to
>> the Exim configuration file, but I don't know enough to mess around with
>> that. If one of the aficionados here might be so kind as to tell me what I
>> might try without hurting myself, using the advanced mode of the WHM Exim
>> Configuration Editor, I'd be ever so grateful.
>
> Others have surmised that you are using 'verify = header_sender'. Turn
> that off and verify only the _envelope_ sender. If you verify the
> address(es) in the From: header, and do so with an empty sender in your
> own callout, then you'll probably reject this mail too.
>
> --
> dwmw2
> I don't know how to "turn that off and verify only the _envelope_ sender."
At 12:40 PM +0200 9/6/04, Phil Pennock wrote: > Your Exim Config thing is turning on sender-in-message-header
> verification, not (just?) SMTP Envelope Sender verification.
>
>> might try without hurting myself, using the advanced mode of the WHM Exim
>> Configuration Editor, I'd be ever so grateful.
>
> Pass, sorry. But the should be enough to look more closely at what your
> FormMail setup is doing wrong in missing out the relevant headers.
>
> I don't know if Exim applies its fix-up logic for adding a Sender:
> header before or after this ACL is run, but you might look to see if
> that config tool lets you specify "unless it's locally submitted".
Both David and Phil suggest that I need to turn off 'verify = header_sender'
so here's what I tried: in the last ACL in exim.conf I changed
#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept
to
#!!# ACL that is used after the DATA command
check_message:
require verify = sender
accept
and now the scripts works flawlessly.
But I need to know if doing this compromises the mail server's security.
Any advice would be greatly appreciated 'cuz I'm truly out of my depth here.
If this is an okay fix, it may be helpful to lots of folks -- the last I
looked the NMS FormMail script was the best solution available to process
form submitted data, and it suddenly died on the sites hosted on my server.