I have inherited the task of looking after two servers which run exim,
essentially set up as a front-end/back-end pair. The front end server is
accessible from the outside world, is published as the MX for the domain,
and relays mail to the backend server using a "driver = manualroute"
router. The backend server delivers mail to Maildir format mailboxes.
Neither server is configured to check local part, so as long as the domain
matches, they'll accept any incoming mail, the backend server then delivers
it to a mailbox in the form /vmail/<domain>/<localpart>/Maildir/ (creating
the mailbox if necessary).
There are now many thousands of orphaned mailboxes in the format
/vmail/<domain>/zzzoidofiahsc caused by spam and bounces.... so this
behaviour has got to stop :-)
I've started by configuring the front end server to check local_part against
a list for the domain. relay_to_domains used to be configured to do lsearch
to check the domain so I've changed exim.conf to use dsearch:
domainlist relay_to_domains = dsearch;/etc/exim/relay
and I've modified the manualroute router to use dsearch and to check the
local_parts too:
backendrouter:
driver = manualroute
domains = dsearch;/etc/exim/relay
local_parts = lsearch;/etc/exim/relay/$domain
transport = remote_smtp
route_list = * backend.server.tld
To stop the frontend server from accepting messages for relay where the
local_part isn't defined in /etc/exim/relay/domain do I need to configure a
dsearch in acl_check_rcpt check too? If so, how?
Thanks,
Jim