Author: Robert Bannocks Date: To: exim-users Subject: [exim] Stopping unknown users at boarder routers
I am looking into building tables of known users at my border routers.
currently the border (mail) routers run exim and accept all e-mail for
our domains. This is unsatisfactory because lots of spam gets to the
border machines and then gets a 550 from the messages stores which
results in lots of undeliverable bounces. I have been thinking of ways
to validate addresses at the border machine. One way would be to have a
router of the form.:
# check the local_part of all validate_domains against the database
address_check:
driver = redirect
domains = +validate_domains
data = ${lookup{$local_part}lsearch{/usr/local/exim/aliases.$domain}}
repeat_use=false
forbid_exim_filter
forbid_pipe
forbid_file
no_more.
Another would be to use an ACL to check addresses for valid_domains. A
3rd might be to use SMTP call outs.
Which of these is the most efficient? Am I correct in presuming that
using ACL is the most efficient, followed by using routers followed by
using callouts?
My reasoning is that using ACLs will mean that compared to using routers
for invliad addresses all the routers up to the addresses_check router
will not be needed to run. Am I correct in assuming the connection lag
for Callouts will be far greater than using a local copy of the valid
addresses in an alias file. Of course I may make use of a DBM or CDB
file in the real implementation...
Are their any pitfalls in using ACL? Are their any other methods?
