Re: [exim] Stopping unknown users at boarder routers

Top Page
Delete this message
Reply to this message
Author: Oliver Howe
Date:  
To: Robert Bannocks
CC: exim-users
Subject: Re: [exim] Stopping unknown users at boarder routers

I do it like this

at the end of the acl_check_rcpt section after I check the HELO commands are valid

drop  message   = "Unknown user"
       condition = ${lookup{${lc:$local_part@$domain}} dbm{/etc/mail/hm-users.db} {false}{true} }
       domains = +relay_to_domains



seems to work very well for me.



On Mon, 24 Sep 2007 11:07:37 +0100 , Robert Bannocks <rbannocks@???> wrote:
>I am looking into building tables of known users at my border routers.
>currently the border (mail) routers run exim and accept all e-mail for
>our domains. This is unsatisfactory because lots of spam gets to the
>border machines and then gets a 550 from the messages stores which
>results in lots of undeliverable bounces. I have been thinking of ways
>to validate addresses at the border machine. One way would be to have a
>router of the form.:
>
># check the local_part of all validate_domains against the database
>address_check:
> driver = redirect
> domains = +validate_domains
> data = ${lookup{$local_part}lsearch{/usr/local/exim/aliases.$domain}}
> repeat_use=false
> forbid_exim_filter
> forbid_pipe
> forbid_file
> no_more.
>
>Another would be to use an ACL to check addresses for valid_domains. A
>3rd might be to use SMTP call outs.
>
>Which of these is the most efficient? Am I correct in presuming that
>using ACL is the most efficient, followed by using routers followed by
>using callouts?
>My reasoning is that using ACLs will mean that compared to using routers
>for invliad addresses all the routers up to the addresses_check router
>will not be needed to run. Am I correct in assuming the connection lag
>for Callouts will be far greater than using a local copy of the valid
>addresses in an alias file. Of course I may make use of a DBM or CDB
>file in the real implementation...
>
>Are their any pitfalls in using ACL? Are their any other methods?
>
>Any opinions and experiences welcome.
>
>TIA and regards
>
>Rob
>
>
>--
>## List details at http://lists.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://wiki.exim.org/




--


Oliver Howe
Senior Systems Administrator

Tel: +44 (0) 79 7420 6484
Fax: +44 (0) 20 7664 7878

Spider Networks - the power behind interactive web communications - www.spider-networks.net


--
Confidentiality Notice: This email is confidential and may also be privileged. If you are not the intended recipient, please notify the sender IMMEDIATELY; you should not copy the email or use it for any purpose or disclose its contents to any other person. General Statement: Any statements made, or intentions expressed in this communication, may not necessarily reflect the view of Spider Networks, that no content herein may be held binding upon Spider Networks or any associate or any associated company unless confirmed by the issuance of a formal contractual document or purchase order.