On 23/07/11 07:40, Phil Pennock wrote:
> On 2011-07-21 at 09:54 +0100, Tim Watts wrote:
>> The redirect router is less desireable as I have to handle mail I no
>> longer want instead of being able to reject it at SMPT time (whereby the
>> spammer who now has it might stop bothering me).
>
> Err, no.
>
> There are typically two runs through the Routers. One of them is a
> "verify" run, then comes the delivery run. This is why you can tag
> individual Routers with "no_verify".
Hi Phil,
Ahh - that is a fundamental fact that for some reason had escaped me.
I had not understood how verify = recipient actually worked - and
knowing there is a "dry run" though all the routers makes a big
difference to my understanding.
> As long as your RCPT ACL includes a step which does
> verify = recipient
> then there will be a verify run through the Routers. If you've removed
> this step from the RCPT ACL then I *strongly* advise putting it back, as
> this is what keeps you from emitting backscatter.
>
> So I'd have a Router along the lines of (untested):
>
> user_blacklist:
> driver = redirect
> domains = +local_domains
> local_part_suffix = -*
> check_local_user
> verify_only
> allow_fail
> require_files = $home/.email_blacklist
> condition = ${lookup{$local_part_suffix}lsearch{$home/.email_blacklist} {yes}{no}}
> data = :fail: ${lookup{$local_part_suffix}lsearch{$home/.email_blacklist} \
> {${if def:value {$value}{address invalid}}}{address invalid}}
That looks about right, applying what you said up top...
Many thanks for you help Phil,
I'll test it and try to get it clean enough to maybe put in the exim
Wiki as a recipe.
All the best,
Tim
> Note that the lookup result should be cached, so in reality the file is
> only scanned once.
>
> Regards,
> -Phil
>
--
Tim Watts
Personal Blog:
http://www.dionic.net/tim/