Hi Patrick,
>> 1. What should I do to make exim defer the queued
>> emails after, let's say, 4H?
> Why do you accept them in the first place? Don't you
> want your mail-system to stay responsible? If you
> can't report an error to a sender, then don't accept
> the responsibility for handling their mail.
Believe me I don't (at least before exim maildir thing, those were
rejected). They are for those quota full mailboxes. I don't know why exim
lets those mail in..
> require
> verify = sender/callout
I have this ACL in the check_recipient part:
<snip>
require verify = sender
accept  domains = +local_domains
        endpass
        message = Please check all recipients of this message to verify they are valid.
        verify = recipient
</snip>
Can you please help me to rewrite this to do:
<snip>
require verify = sender
accept  domains = +local_domains
        endpass
        message = Please check all recipients of this message to verify they are valid.
        verify = recipient
</snip>
if the interface port is 587 but do
<snip>
require verify = sender/callout
accept  domains = +local_domains
        endpass
        message = Please check all recipients of this message to verify they are valid.
        verify = recipient
</snip>
if the interface port is 25. I don't know how to add "condition = ${if
eq{$interface_port}{25}}" or "condition = ${if eq{$interface_port}{587}}" to
this thing in the "check_recipient:" part located under the "begin acl"
thing.
Hi Magnus,
> First thing - you must never accept a mail from an
> external host if it cannot be delivered. Where is
> the verify = recipient in your acl_smtp_rcpt?
Unknown accounts fail with 5xx error at the RCPT TO time. The data check
here:
<snip>
drop    !verify = recipient
        !hosts = /etc/exim_deny_whitelist
        message = Appears to be a dictionary attack
        log_message = Dictionary attack (after $rcpt_fail_count failures)
        condition = ${if > {${eval:$rcpt_fail_count}}{4}{yes}{no}}
        condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
</snip>
and under that:
<snip>
require verify = sender/callout
accept  domains = +local_domains
        endpass
        message = Please check all recipients of this message to verify they are valid.
        verify = recipient
</snip>
There are no more "verify = recipient" or "verify = sender" lines in my ACLs
other than the ones above. And the above are under "check_recipient:" part
located under the "begin acl" thing.
> If you've got that right you shouldn't end up with
> any undeliverable bounces - just a fair amount of
> "rejected RCPT" in the logs.
I was also expecting this...
> Then you can go on and add such things as verify =
> sender (to block senders with invalid MX) and dnslists =
> dsn.rfc-ignorant.org/$sender_address_domain (to
> block senders from domains known not to accept
> bounces), etc etc.
<snip>
deny    !sender_domains = lsearch;/etc/localdomains
        !senders = @@lsearch;/etc/localsenders
        !hosts = +relay_hosts
        !hosts = /etc/exim_rbl_whitelist
        !authenticated = *
        message = $sender_host_address is blacklisted at $dnslist_domain\n$dnslist_text
        dnslists = sbl-xbl.spamhaus.org : list.dsbl.org : dnsbl.ahbl.org : relays.ordb.org : bl.spamcop.net
</snip>
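
The port-dependent sender check asked about earlier in this message could be written as below. This is an added example, not part of the original message or of anyone's running configuration; it assumes the daemon listens only on ports 25 and 587, so connections on any other port would get no sender check from these statements.

```exim
check_recipient:

  # Port 25 (server-to-server mail): reject when the sender address
  # fails verification with a callout. "deny" with a negated verify is
  # used instead of "require", because a "require" carrying a port
  # condition would reject every connection on the other port.
  deny    condition = ${if eq{$interface_port}{25}}
          !verify   = sender/callout

  # Port 587 (submission): routing-only sender verification, no callout.
  deny    condition = ${if eq{$interface_port}{587}}
          !verify   = sender

  # Unchanged from the ACL quoted above: local recipients must verify.
  accept  domains   = +local_domains
          endpass
          message   = Please check all recipients of this message to verify they are valid.
          verify    = recipient
```

Conditions in an ACL statement are evaluated in order, so the port test comes first and the callout is only attempted on port 25.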