Re: [exim] Fw: Reject Specific users...

Pàgina inicial
Delete this message
Reply to this message
Autor: Dan_Mitton
Data:  
A: Magnus Holmgren
CC: exim-users
Assumpte: Re: [exim] Fw: Reject Specific users...
>On Friday 01 June 2007 17:24, Dan_Mitton@??? wrote:
>> Between you and Magnus, I think I'm almost there. Just trying to

figure
>> out why 'data = :fail:' is not working in the redirect router.
>>
>> Your last line said, 'Make sure you're only doing this in the context

of
>> your submission client, not facing the world.'. I'm not sure that I
>> understand. I think I do want this facing the world. Why should it

not??
>
>It's called "collateral spam". Picture this: Spammer sends spam with a

forged
>sender address and a bad recipient address. Your server accepts it and

says
>goodby, then tries to deliver it, finds that routing fails, and sends a
>bounce to the forged sender address. If others do the same, that poor guy


>whose address was abused then drowns in bounces.
>
>You still haven't quite explained what you *really* want, but the problem


>seems to be that some MUA becomes confused when one of several recipients

is
>rejected and what you really need is to accept all mail from local users.


Ok, the big story...

My Exim server is only (currently) acting as an "edge" passthru SMTP
gateway into our Lotus Notes mail systems. Currently, all messages are
passed thru to Notes which, for invalid address, generates a bounce
message and hands it back to Exim to try and deliver. Our thought was to
remove the exim -> notes -> exim processing for invalid addresses and to
let exim handle the bounces directly. Yes, (and I not like it either) a
lot of these messages are spam and the bounces are collateral spam, but I
am not able to limit who I accept a message from (due to government
regulations). We are not making it any worse then it currently already
is, just removing the exim -> notes -> exim steps.

I'm open to suggestions, but my hands are (at least partially) tied.

>Why do you want to reject recipients listed in a file called valid.users?


>Shouldn't that be invalid.users?


bad_recipients:
driver = redirect
domains = +route_to_domains
local_parts = ${lookup{$local_part}
nwildlsearch{/usr/local/exim/valid.users}{found}{$local_part}}
allow_fail
data = :fail: unknown user

I think I have the logic right, but don't mind another pair of eyes. I
only know of valid users, hence valid.users file. The logic is a bit
twisted. It seems like:

!local_parts = ${lookup{$local_part}
nwildlsearch{/usr/local/exim/valid.users}{$local_part}{not-found}}

would be the way to go, but I get:

2007-06-01 09:21:27 [20082] Exim configuration error in line 649 of
/usr/local/exim/configure:
option setting expected: !local_parts = ${lookup{$local_part}
nwildlsearch{/usr/local/exim/valid.users}{$local_part}{not-found}}

So I had to reverse the logic. When I 'lookup' $local_part, if it is
found (i.e. a valid user), I return 'found' (which should be more obscure
just in case) which in turn does not equal 'local_parts', so the router is
skipped. For an invalid user, the 'lookup' returns '$local_part', which
equals 'local_parts', so the router is used. Like I said, twisted. Is
there a better way? I guess I could do something like:

condition = ${lookup{$local_part}
nwildlsearch{/usr/local/exim/valid.users}{false}{true}}

Again the logic needs to be backwards, since I want this to be 'true',
when it doesn't find a valid user.

Make sense??