Re: [exim] Recipient verification doesn't work at SMTP time

Top Page
Delete this message
Reply to this message
Author: Alexander Stintzing
Date:  
To: exim-users, exim-users
Subject: Re: [exim] Recipient verification doesn't work at SMTP time
Hello Phil,

thanks for your reply!

The background of this setup is a per-domain-bayes db. I use the
exiscan-solution with other setups, but in this special case I couldn't
find a way to seperate the databases per domain by exiscan.

So, for all domains, I added an system-user with the same name, so every
(system)user/domain has its own db. The spamc uses this users for
learning and checking.

I bought the exim-book (Official Guide for Release 4) to get deeper, but
I don't understand, why the ACl doesn't work. I explicitly set
"verify_recipient" in the spamcheck routers, but this doesn't do anything.

I also defined a router directly after the dnslookup with verify_only
and pass_router = spamcheck, but mails to a non existent user have been
accepted.

Perhaps there is another solution for a per-domain-bayes-check? Perhaps
with exiscan? I didn't find some.

At the moment I got stuck.

Phil Pennock schrieb:
> On 2008-09-01 at 19:44 +0200, Alexander Stintzing wrote:
>
>> I set up an exim with virtual users stored in a MySQL-Database. When I
>> send a message to existentuser@??? it is scanned and delivered
>> correctly. But when I send a message to nonexistent@??? which
>> should be rejected immediately, it will be accepted at first, then it's
>> spam-scanned and after that, Mail delivery failed: returning message to
>> sender.
>>
>> Perhaps somebody will find the error:
>>
>
> The spam routers accept all mail, so all addresses will verify.
>
> The entry in the ACL used for acl_smtp_rcpt which includes "verify =
> recipient" will not use the Routers marked no_verify for determining
> whether or not an address exists. However, if you do this then you'll
> accept spam and generate a bounce, producing backscatter.
>
> In simple configurations, you can get away with reproducing the
> recipient verification checks on the spam Router which accepts mail, so
> that it only accepts mail for those who would have been accepted anyway.
> This might be awkward with your setup.
>
> Which is why spam-scanning is really best not done by Routers, but in
> the ACL logic. You're using spamc to use spam-assassin as a client; you
> should look at setting spamd_address instead and then the 'spam'
> condition in an ACL.
>
> Read http://wiki.exim.org/ExiscanExamples to get some ideas of what you
> could be doing.
>
> -Phil
>
>