On Fri, 2011-09-02 at 16:54 +0100, Christian Gregoire wrote:
> Actually, the MX of the recipient's domain is my platform :
>
> INTERNET -----> MY PLATFORM -----> REMOTE SERVER
>
> so I guess a callout verification wouldn't work, because Exim would ask itself.
>
> Am I right ?
No.
Your platform (the MX layer) already has knowledge of where mail to
recipient A in domain B must be routed. You can test at this point using
a recipient callout - a call forward, if you will - which will use that
routing information to pass the recipient data to the remote server.
I do this for a number of what I call "filter" domains, in this way:
# global setting
domainlist filter_domains = lsearch;/etc/exim/filterdomains
# In the RCPT ACL:
warn domains = +filter_domains:+relay_to_domains
!verify = recipient/callout=30s,defer_ok,no_cache,use_sender
set acl_m_VER = REJ--RR6: $acl_verify_message
deny message = Recipient verification failed.
condition = ${if !eq{$acl_m_VER}{}}
# the router
filter_domains:
driver = manualroute
domains = +filter_domains
transport = filter_domains_remote_smtp
route_list = $domain \
${lookup{$domain}lsearch{/etc/exim/filterdomains}}
no_more
# the transport
filter_domains_remote_smtp:
driver = smtp
...and that's it. The $acl_m_VER part is a little more complex than you
might require because there are several reasons why a recipient address
might fail to verify, and I only want one place where I reject them (the
actual ACL section is more complex than that I have shown).
The filterdomains file is of the form:
domain: hostname1:hostname2:hostname3
Graeme
