On Sun, Oct 25, 2009 at 04:25:36PM +0000, Colin wrote:
> We do already have "require verify = recipient" set in the acl for
> acl_smtp_rcpt however this does nothing.
Yes, that could well be the case if some other part of the ACL means that it
can only get as far as "require verify = recipient" for "your" domains (i.e.
the ones in /etc/staticroutes).
> This works well, except it means that our relay accepts mail for spam
> targetted at randomguess@domain
>
> What I have been trying to do is to write an ACL that meets the
> following criteria:
> ...
> 3) The ACL then performs a recipient callout verification.
>
> 4) If the destination server accepts the recipient, then the ACL is
> passed and we progress onto the rest of the acls etc. If the destination
> server rejects the recipient, I do not want the message accepted to the
> system nor do I want to waste any more resource cycles running any other
> ACLs etc.
http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECTcallver
For example, "require verify = recipient/callout". But, as you say, make sure
you only do this for your domains, i.e. where the host you're calling out to
is one of your own hosts.
Regards,
--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
