Re: [exim] Removing the local_user Router

Top Page
Delete this message
Reply to this message
Author: Peter Bowyer
Date:  
To: Exim, Users
Subject: Re: [exim] Removing the local_user Router
On 12/11/06, Bill Moseley <moseley@???> wrote:
> A little Sunday afternoon tweaking has me wondering. I've got these
> two routers at the end of the routers section:
>
>    procmail:
>      debug_print = "R: procmail for $local_part@$domain"
>      driver = accept
>      check_local_user
>      transport = procmail_pipe
>      require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
>      no_verify
>      no_expn

>
>    local_user:
>      debug_print = "R: local_user for $local_part@$domain"
>      driver = accept
>      check_local_user
>      local_parts = ! root
>      transport = LOCAL_DELIVERY

>
>
> I've been seeing a lot more spam sent to "users" that are in my alias
> and passwd files (i.e. www-data).
>
> All my real users use procmail for delivery, so I thought maybe I
> could remove the "local_user" router and only accept mail for users
> with a .procmailrc file.
>
> But testing without the "local_user" router all my users report
> "Unrouteable address". Not sure I understand why that happens. All
> my local deliveries are reported with R=procmail T=procmail.


Your procmail router has 'no_verify' set, and therefore is not run
when Exim is verifying recipients ('verify = recipient' in an ACL).
Without the local_user router, there's no router left to verify your
local users so they fail.

The reason that router is set to no_verify is that it has a
'require_files' directive. Verification is run as the exim user (or
whatever user exim is set to run as), and won't by default have access
to your users' home directories and thus the .procmailrc files. So it
won't work in verify mode.

2 thngs to do: take no_verify off that router, and then arrange for
the exim user to have access to the files in question.

If that's not do-able, you might have to consider another way of
triggering the deliverability of a local user, and stick a verify_only
router in place of your local_user router which performs the test.

Peter


--
Peter Bowyer
Email: peter@???