Magnus Holmgren wrote:
> We need more details to be able to figure out what you've tried to do. For
> starters, what does your virtual domain router look like and what does your
> acl_smtp_rcpt ACL look like? What parts of the specification have you read,
> what did you understand and what did you not understand?
Virtual domain router:
virtual_aliases:
driver = redirect
debug_print = "R: virtual_aliases for $local_part@$domain"
allow_defer
allow_fail
domains = dsearch;/etc/mail/virtual
data =
${expand:${lookup{$local_part}lsearch*@{/etc/mail/virtual/$domain}}}
qualify_preserve_domain
retry_use_local_part
pipe_transport = address_pipe
file_transport = address_file
no_more
And (you'll notice my !verify = recipient being commented out - that's
where I'd expect it to be.
acl_check_rcpt:
# Deny addresses with funny characters and shell escapes.
deny message = Invalid recipient username
local_parts = ^.*[@%!/|] : ^\\.
# Accept if the source is local SMTP (not over TCP/IP). We do this by
testing
# for an empty sending host field
accept hosts = :
# Accept authenticated mails
warn message = X-SA-Do-Not-Run: Yes
authenticated = *
accept authenticated = *
# Accept postmaster@ and abuse@ mails
warn message = X-SA-Do-Not-Run: Yes
local_parts = postmaster
accept domains = +local_domains
local_parts = postmaster
# Deny if sender is listed as a spammer.
deny message = $sender_host_address is blacklisted at \
$dnslist_domain ($dnslist_value: $dnslist_text)
log_message = REJECT: $sender_address_domain is blacklisted at \
$dnslist_domain : $dnslist_text
#dnslists = zen.spamhause.org : nomail.rhsbl.sorbs.net : \
dnslists = nomail.rhsbl.sorbs.net : \
blackholes.mail-abuse.org : dialups.mail-abuse.org : \
list.dsbl.org : dnsbl.njabl.org : cbl.abuseat.org
# Deny right now, before greylisting/spam scanning, if we cannot verify
# the recipient. This is so that dictionary attacks against our domain
doesn't
# kill the greylisting or anti-spam system.
#require message = No such user on this domain.
# !verify = recipient
# greylisting (as per David Peall's config)
warn set acl_m2 = ${lookup mysql{GREYLIST_TEST}{$value}{0}}
defer message = Greylisted - please try again a little later.
condition = ${if eq{$acl_m2}{0}{1}}
condition = ${lookup mysql{GREYLIST_ADD}{yes}{no}}
defer message = Greylisted - please try again shortly.
condition = ${if eq{$acl_m2}{1}{1}}
warn message = X-Greylist: Passed
condition = ${lookup mysql{GREYLIST_UPDATE}{yes}{no}}
# Accept specific mail without scanning it for spam.
warn message = X-SA-Do-Not-Reject: Yes
local_parts = postmaster:abuse
# changed size from 250k to 100k - Bretton (14/08/2006)
warn message = X-SA-Do-Not-Reject: Yes
condition = ${if >{$message_size}{100k}{1}{0}}
... and so on ... (still working on it really)
> !verify = recipient doesn't say anything on its own. It makes sense in a deny
> statement, but that statement won't be obeyed if an earlier statement has
> already determined the fate of the message. It should never, by itself, cause
> *all* mail to be rejected, unless the routers have no_verify set or
> something.
root@honey:/etc/exim4/conf.d grep "no_verify" * -R
router/600_exim4-config_userforward:# The no_verify setting means that
this router is skipped when Exim is
router/600_exim4-config_userforward: no_verify
router/700_exim4-config_procmail: no_verify
router/800_exim4-config_maildrop: no_verify
router/015_exim4-config_smarthost: no_verify
router/650_exim4-config_uservacation: no_verify
Which is cool, as the router for virtualdomains isn't mentioned here.
For testing I'm sending a mail to a non-existent user on our box, and it
gets to the point of :blackhole: in the virtual aliases file -
indicating that my config doesn't work.
Another quick question - what is the proper way to reload the exim4
configuration changes I've made? Currently I go through the following
process (which just doesn't seem proper):
$ update-exim4.conf
$ /etc/init.d/exim4 reload
$ /etc/init.d/exim4 stop
$ killall exim4
$ /etc/init.d/exim4 start
This seems to be the only way my config changes gets picked up (this is
on debian)
Thanks.
--
Peet Grobler <peet@???>
www.grobler.za.net
Skype: peet_grobler
XMPP: peetgrobler@???
