[exim] Controlling relaying by checking local_part?

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Sbs Bofh
Fecha:  
A: exim-users
Asunto: [exim] Controlling relaying by checking local_part?
I have inherited the task of looking after two servers which run exim,
essentially set up as a front-end/back-end pair. The front end server is
accessible from the outside world, is published as the MX for the domain,
and relays mail to the backend server using a "driver = manualroute"
router. The backend server delivers mail to Maildir format mailboxes.

Neither server is configured to check local part, so as long as the domain
matches, they'll accept any incoming mail, the backend server then delivers
it to a mailbox in the form /vmail/<domain>/<localpart>/Maildir/ (creating
the mailbox if necessary).

There are now many thousands of orphaned mailboxes in the format
/vmail/<domain>/zzzoidofiahsc caused by spam and bounces.... so this
behaviour has got to stop :-)

I've started by configuring the front end server to check local_part against
a list for the domain. relay_to_domains used to be configured to do lsearch
to check the domain so I've changed exim.conf to use dsearch:

domainlist relay_to_domains = dsearch;/etc/exim/relay

and I've modified the manualroute router to use dsearch and to check the
local_parts too:

backendrouter:
    driver = manualroute
    domains = dsearch;/etc/exim/relay
    local_parts = lsearch;/etc/exim/relay/$domain
    transport = remote_smtp
    route_list = * backend.server.tld


To stop the frontend server from accepting messages for relay where the
local_part isn't defined in /etc/exim/relay/domain do I need to configure a
dsearch in acl_check_rcpt check too? If so, how?

Thanks,

Jim