Author: Peter Bowyer Date: To: exim-users Subject: Re: [exim] handling reject/deny comms in a 2-exim setup
On 09/06/07, snowcrash+exim-users <schneecrash+exim-users@???> wrote:
> hi,
>
> i've started to setup a dual-exim ("edge" + "core") setup
>
> my primary goals are:
> (1) use "edge" exim to filter/reject non-legit mail @ SMTP connect
> (2) minimize traffic to & between edge/core exim
> (3) minimize CPU/RAM util by "edge"
> (4) ensure proper response notification to original sender in smtp
> chat from BOTH edge/core servers
> (5) single-source smtp AUTH (dovecot) and account data
>
> so far, i'm good with (1),(2), (3) & half of (5).
>
> my question HERE is:
>
> re: (4), how do I _correctly_ send content scanning rejects/notices
> from "core" exim back to the original sender, NOT just back to the
> "edge" exim?
>
> to date, i've done all this in one exim server, and haven't worried
> about the sequence of the transaction -- simply because i didn't have
> to. now that i'm splitting tasks, that's changed ...
>
> my 1st thought is that since, at AV/AS content scanning, the message
> is received and we're past SMTP transaction, the REJECT needs be a
> mail message back to sender. but i'm not clear about the 'right'
> response.
>
> it had been suggested on this list that CALLOUTS be used. tbh, i'm
> simply confused as to what/where/how.
>
> any/all guidance would be much appreciated!
There's no way to do what you're describing in a net-friendly manner
using Exim, or any other standard MTA, on the edge server. You can use
callouts to reject invalid recipients at the edge, but in order to
reject on invalid content (spam, malware etc), the edge server needs
to perform the scanning.

Doing the scanning on the internal server implies that the edge server
has already accepted the message. The only action the internal server
can take if it finds bad content is to generate a bounce message -
this is inappropriate and potentially abusive behaviour, since the huge
majority of bad content has forged envelope senders - you end up
sending the bounce to an innocent bystander.

2 possible avenues for you to explore:

- configure the content scan on the edge server, but have it call a
scanner on an internal server. This might work depending what
scanner(s) you're using. Then the edge server can reject inline when
it finds bad content - this is the right way to do it.

- use an SMTP proxy on the edge server instead of an MTA. This will
make the internal server do all the work.
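As an added illustration of the first avenue (not part of the original reply, and not a config from any poster), here is a minimal Exim 4 configuration for the edge server that points the content-scan interfaces at a clamd and spamd running on an internal host and rejects at DATA time, so the original sender gets the 5xx in the SMTP chat and no bounce is ever generated. The internal host address 10.0.0.5, the ports and the score threshold are assumed placeholders; Exim must be built with content scanning (WITH_CONTENT_SCAN) for the malware and spam conditions to exist.

```exim
# ---- main configuration section (edge exim) ----
# Scanners live on the internal host, but the verdict is applied here,
# inside the SMTP transaction. 10.0.0.5 is an assumed placeholder.
av_scanner    = clamd:10.0.0.5 3310
spamd_address = 10.0.0.5 783

# Run the content checks at DATA time, before the edge says "250 OK".
acl_smtp_data = acl_check_data

begin acl

acl_check_data:
  # Malware: reject inline. If clamd is unreachable the condition
  # defers (4xx) by default, so the sender retries instead of being
  # silently accepted or bounced later.
  deny    message   = Rejected: message contains malware ($malware_name)
          malware   = *

  # Always run spamd (":true" forces the check regardless of size
  # limits) and record the result for downstream mailbox filtering.
  warn    spam      = nobody:true
          add_header = X-Spam-Score: $spam_score ($spam_bar)

  # Reject high-scoring spam in the SMTP chat as well.
  # $spam_score_int is the score times ten, so 100 means a score of 10.0.
  deny    message   = Rejected: spam score too high ($spam_score)
          condition = ${if >{$spam_score_int}{100}}

  accept
```

Because the verdict is returned to the connecting client as a 5xx reply, the forged-sender bounce problem described above never arises; the core exim then only sees mail the edge has already scanned.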