Re: [exim] ACLs and forward computation of final local_part …

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Tim Watts
CC: exim-users
Subject: Re: [exim] ACLs and forward computation of final local_part after redirects
On 2011-07-21 at 09:54 +0100, Tim Watts wrote:
> The redirect router is less desireable as I have to handle mail I no
> longer want instead of being able to reject it at SMPT time (whereby the
> spammer who now has it might stop bothering me).


Err, no.

There are typically two runs through the Routers. One of them is a
"verify" run, then comes the delivery run. This is why you can tag
individual Routers with "no_verify".

As long as your RCPT ACL includes a step which does
verify = recipient
then there will be a verify run through the Routers. If you've removed
this step from the RCPT ACL then I *strongly* advise putting it back, as
this is what keeps you from emitting backscatter.

So I'd have a Router along the lines of (untested):

user_blacklist:
  driver = redirect
  domains = +local_domains
  local_part_suffix = -*
  check_local_user
  verify_only
  allow_fail
  require_files = $home/.email_blacklist
  condition = ${lookup{$local_part_suffix}lsearch{$home/.email_blacklist} {yes}{no}}
  data = :fail: ${lookup{$local_part_suffix}lsearch{$home/.email_blacklist} \
        {${if def:value {$value}{address invalid}}}{address invalid}}


Note that the lookup result should be cached, so in reality the file is
only scanned once.

Regards,
-Phil