Hi
This configuration will make people using callouts reject your messages.
If you want to avoid this, you should use BATV checks at pre_data.

> After working on configuring Exim for BATV for a while and running into some
> problems, I wanted to pass on my configuration that got me working. Some of
> the information out there is a little out of date and it may help someone
> else to have a whole list of changes necessary.
>
> I'm somewhat of an Exim newcomer so some things may be wrong - corrections or
> comments are welcome; most of this I have cobbled together from multiple
> sources on the web.
>
> This setup is for the newer/newest draft of BATV where the format of the
> address is: prvs=kdddhhhhhh=LOCAL_PART@DOMAIN
> This means that comments in the documentation about this stanza
>   deny message = Restricted characters in address
>        domains = +local_domains
>        local_parts = ^[.] : ^.*[@%!/|]
> are no longer valid since BATV now uses '=' instead of '/'.
>
> Note, one addition that I may make in the future is to add a check for the
> number of recipients - real bounces go to only one destination. For automated
> messages to multiple recipients with a null MAIL FROM, my configuration
> below would block these; so a line with something like this: " !condition =
> ${if >{$rcpt_count}{1}}" would have to be added to the deny BATV unsigned
> bounces paragraph.
>
>
> # Main section
> ...
> BATVKEY = something
> ...
>
>
>
> # ACLs
> acl_check_rcpt:
> ...
>   ## I put the BATV ACL at the end
>   # check that BATV signature is valid
>   deny message = invalid or expired BATV signature
>        # Match null sender messages (DSN)
>        senders = :
>        control = caseful_local_part
>        condition = ${prvscheck {$local_part@$domain}{BATVKEY}{1}}
>        !condition = $prvscheck_result
>        control = caselower_local_part
>
>   # deny BATV unsigned bounces
>   deny message = bounce is not BATV signed
>        senders = :
>        condition = ${if !match{$local_part}{^prvs=}}
>
>
>
> # Routers
> begin routers
> ## put the BATV routers at the top
> # I believe this so that outbound(non-local) mail is BATV signed
> dnslookup_batv:
>   driver = dnslookup
>   condition = ${if match_domain{$sender_address_domain}{+local_domains}}
>   domains = ! +local_domains
>   transport = external_smtp_batv
>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>
> # I believe this so the recipient address would be decoded
> batv_redirect:
>   driver = redirect
>   data = ${prvscheck {$local_part@$domain}{BATVKEY}}
>   ...
>
>
>
> # Transports
> begin transports
> ...
> # (believe that the placement of the transport stanza does not matter)
> external_smtp_batv:
>   driver = smtp
>   return_path = ${prvs {$return_path}{BATVKEY}}
>   ...
>
--
Best regards ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david@???
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
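
One way to move the BATV rejection to pre-DATA as the reply suggests, written as an added example that is not from either poster: a sender callout issues MAIL FROM:<> and RCPT TO and then stops, so it never reaches an ACL that runs just before DATA. The ACL name acl_check_predata and the variable acl_m_batv_bad are assumed names; on older Exim releases without named ACL variables, use a numbered one such as acl_m9.

```exim
# Added sketch: note BATV failures at RCPT time, reject at pre-DATA.
# acl_check_predata and acl_m_batv_bad are assumed names.

# Main section
BATVKEY = something
acl_smtp_predata = acl_check_predata

begin acl

acl_check_rcpt:
  # ... existing RCPT checks ...
  # The warn statements below must come before the statement that
  # finally accepts the recipient, or they are never evaluated.

  # Null sender, recipient has a prvs tag that is invalid or expired
  warn  senders    = :
        control    = caseful_local_part
        condition  = ${prvscheck {$local_part@$domain}{BATVKEY}{1}}
        !condition = $prvscheck_result
        set acl_m_batv_bad = 1

  # Null sender, recipient has no prvs tag at all
  warn  senders    = :
        condition  = ${if !match{$local_part}{^prvs=}}
        set acl_m_batv_bad = 1

  # Restore default local-part case handling for later statements
  warn  control    = caselower_local_part

  # ... final accept/deny for RCPT as before ...

acl_check_predata:
  # A callout quits after RCPT and never gets here; a real bounce does
  deny  message    = bounce is not validly BATV signed
        condition  = ${if eq{$acl_m_batv_bad}{1}}
  accept
```

The routers and transport from the quoted configuration stay as they are; only the two deny statements in acl_check_rcpt are replaced.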