Re: [exim] Exim, 550 unknown local part and Outlook 2007/201…

> From: Kurt Jaeger

> > Instead, I'll accept the message and queue
> > it or bounce it. That way, the user gets a message in their mailbox,
> > with a full description of the error.
>
> Do you have a config snippet that does this ? Thanks!

> From: Bill Hayles

> > Do you have a config snippet that does this ? Thanks!
>
> Can I second that?

The usual snippet is in the default Exim config:

  accept  hosts         = +relay_from_hosts
          control       = submission
  accept  authenticated = *
          control       = submission

(in rcpt ACL before other checks).

But instead I recommend:

LIM = 100
PERIOD = 1h
WARNTO = abuse@???
EXIMBINARY = /usr/local/sbin/exim -f root
SHELL = /bin/sh
untrusted_set_sender = *
local_from_check = false
....
begin acl
acl_check_rcpt:
....
  accept hosts = !@[] : +relay_from_hosts
        set acl_m_user = $sender_host_address
             # or an userid from RADIUS
        condition = ${if exists{$spool_directory/blocked_relay_users}}
        condition = ${lookup{$acl_m_user}lsearch\
                    {$spool_directory/blocked_relay_users}{1}{0}}
        control = freeze/no_tell
        add_header = X-Relayed-From: $acl_m_user

  accept hosts = !@[] : +relay_from_hosts
        !verify = recipient/defer_ok/callout=10s,defer_ok,use_sender
        ratelimit = LIM / PERIOD / per_rcpt / relayuser-$acl_m_user
        continue = ${run{SHELL -c "echo $acl_m_user \
           >>$spool_directory/blocked_relay_users; \
           \N{\N echo Subject: relay user $acl_m_user blocked; echo; echo \
           because has sent mail to LIM invalid recipients during PERIOD.; \
           \N}\N | EXIMBINARY WARNTO"}}
        control = freeze/no_tell
        add_header = X-Relayed-From: $acl_m_user

  accept  hosts         = +relay_from_hosts
          control       = submission/domain=

  accept authenticated = *
        set acl_m_user = $authenticated_id
# in case of mailboxes in /var/mail: ${sg{$authenticated_id}{\N\W.*$\N}{}}
        condition = ${if exists{$spool_directory/blocked_authenticated_users}}
        condition = ${lookup{$acl_m_user}lsearch\
                    {$spool_directory/blocked_authenticated_users}{1}{0}}
        control = freeze/no_tell
        add_header = X-Authenticated-As: $acl_m_user

  accept authenticated = *
        !verify = recipient/defer_ok/callout=10s,defer_ok,use_sender
        ratelimit = LIM / PERIOD / per_rcpt / user-$acl_m_user
        continue = ${run{SHELL -c "echo $acl_m_user \
           >>$spool_directory/blocked_authenticated_users; \
           \N{\N echo Subject: user $acl_m_user blocked; echo; echo because \
           has sent mail to LIM invalid recipients during PERIOD.; \
           \N}\N | EXIMBINARY WARNTO"}}
        control = freeze/no_tell
        add_header = X-Authenticated-As: $acl_m_user

  accept authenticated = *
        control = submission/domain=
....

The checks are for catching spamming from trojaned windozes in LAN and
authenticated using passwords stolen with trojans. The checks are based
on the fact that lists of email addresses spammers send to contain
very many non-existent addresses.