[exim] No greylisting for SRS-valid bounces

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Peter Thomassen
Datum:  
To: exim-users
Betreff: [exim] No greylisting for SRS-valid bounces
Hi,

I implemented SRS as suggested in
http://www.assembla.com/wiki/show/file_sender/Configuring_SRS_with_Exim_(Debian_and_Ubuntu)

Also, I have implemented greylisting as is done by the Ubuntu/Debian
greylistd package. The greylisting for messages with an empty MAIL FROM
command is done in the DATA ACL (and not at RCPT), to prevent messing up
third party callout verify attempts.

The relevant configuration is:

acl_check_data:
   defer
     message    = $sender_host_address is not yet authorized to deliver \
                      mail from <$sender_address> to <$recipients>. \
                      Please try later.
     log_message    = greylisted.
     senders        = :
     !hosts         = : +relay_from_hosts : \
                      ${if exists {/etc/greylistd/whitelist-hosts}\
                                  {/etc/greylistd/whitelist-hosts}{}} : \
                      ${if exists {/var/lib/greylistd/whitelist-hosts}\
                                  {/var/lib/greylistd/whitelist-hosts}{}}
     !authenticated = *
     !acl           = acl_local_deny_exceptions
     condition      = ${readsocket{/var/run/greylistd/socket}\
                                  {--grey \
                                   ${mask:$sender_host_address/24} \
                                   $recipients}\
                                   {5s}{}{false}}


I would like to skip this defer ACL if the srs_bounce router (see URL
above) thinks that the recipient address is a valid SRS address because
in that case the message is most likely not spam.

However, there's a bunch of problems, as we are at the DATA stage. The
number of recipients could be greater than one; then, greylisting would
be desirable. Also I do not know how to best ask the srs_bounce router
for its opinion. I tried using $address_data which did not work out,
probably because there is no recipient verify at this stage (again
because there may be several recipients, I think).

Of course I could actively read from the srsd socket after having
checked that we have only one recipient, but I am not sure whether or
not this is the best way to do it. Any suggestions?

Thanks,
Peter