Re: [exim] Limiting verification callouts to own hosts

Author: Martijn Grendelman
Date:  
To: Renaud Allard
CC: exim-users
Subject: Re: [exim] Limiting verification callouts to own hosts
Renaud Allard wrote:

>> I am trying to make my fallback mail server reject mail for non-existent
>> users during SMTP, so I want to do recipient verification callouts to
>> the primary mail server.
>>
>> The problem is, that the fallback also relays mail for some domains that
>> have different primary servers, and I don't want to do callouts to those
>> servers.
>>
>> Is there a way to restrict verification callouts to certain hosts?
>>
>> The fallback does not have any authoritative knowledge about which
>> domains end up at OUR primary, that is decided during routing exclusively.
>>
>> An ACL statement like:
>>
>> verify        = recipient/callout=10s,defer_ok
>>
>> does the verification routing and the callout to the resulting target
>> host at once, so I can't fix this in the ACL.
>>
>> I haven't found anything useful in the chapter about callout parameters
>> in the manual. Any suggestions?
>>
>
> Just add a line in your ACL
>
> domains = domain1.tld : domain2.tld
> verify = recipient/callout=10s,defer_ok


Well, the problem was, like I wrote earlier, that this server didn't
really know which domains qualify for a callout and which don't.

One option would be, to have the fallback set up a list of local domains
in the same way the primary does. The domains are in MySQL anyway. If
I did that, the method above would work.

There are some drawbacks:

1. If I can set up a list of local domains this way, I can also check
the final recipient directly from the database (although that would be
harder), so I wouldn't actually need a callout.

2. In the future, I may not have the option described above, because
some day we might add a fallback server, that does not have access to our
mail server database.

3. A small issue, but something I was hoping I could avoid: suppose a
certain domain was once local to our primary mail server. Now, the
client sets up his own mail server somewhere, changes the lowest MX, but
still uses our fallback (with permission). Now, if we forget to delete
the domain from our mail server database, the fallback will accept or
deny mail based on the old data that is in our database. If there was a
check for the actual target somewhere, this could be prevented.

Best regards,

Martijn Grendelman
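
The "check for the actual target" described in point 3, modelled outside Exim as an added example (not code from this thread and not Exim configuration): a callout is allowed only when every lowest-preference MX target of the recipient domain is one of our own primaries. The host names, the `OWN_PRIMARIES` set and the MX records are constructed placeholders, and the MX lookup itself is assumed to happen elsewhere.

```python
# Added example: decide per recipient domain whether a callout is allowed,
# based on the live MX set rather than a stored list of local domains.
# OWN_PRIMARIES and all sample records below are constructed placeholders.

OWN_PRIMARIES = {"mx1.example.net"}


def norm(host):
    """Lower-case a DNS name and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()


def callout_allowed(domain, mx_records, own_primaries=OWN_PRIMARIES):
    """mx_records: list of (preference, host) pairs from an MX lookup.

    Returns True only when every lowest-preference MX target is one of
    our own primaries, i.e. the callout would land on a host we run.
    """
    own = {norm(h) for h in own_primaries}
    if not mx_records:
        # No MX: delivery falls back to the domain's address records
        # (RFC 5321 implicit MX), so the domain itself is the target.
        targets = {norm(domain)}
    else:
        lowest = min(pref for pref, _ in mx_records)
        # Equal-preference hosts are all possible targets; require all ours.
        targets = {norm(h) for pref, h in mx_records if pref == lowest}
    return targets <= own


# Constructed MX sets; backup.example.net stands for the fallback itself.
STILL_OURS = [(10, "MX1.example.net."), (20, "backup.example.net.")]
# Point 3: customer changed the lowest MX but kept our fallback.
MOVED_AWAY = [(5, "mail.customer.example."), (20, "backup.example.net.")]
SPLIT_PRIMARY = [(10, "mx1.example.net."), (10, "mail.customer.example.")]

if __name__ == "__main__":
    for name, recs in [("still ours", STILL_OURS), ("moved away", MOVED_AWAY),
                       ("split primary", SPLIT_PRIMARY), ("no MX", [])]:
        print(name, callout_allowed("customer.example", recs))
```

Because the decision uses the current MX data, a domain left behind in the mail server database after the customer moved is no longer treated as ours.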