>> Actually, in Graeme example (below), I can't see where Exim retrieves the
>>relay
>> host(s) to check against.
>>
>> warn domains = +filter_domains:+relay_to_domains
>> !verify = recipient/callout=30s,defer_ok,no_cache,use_sender
>> set acl_m_VER = REJ--RR6: $acl_verify_message
>>
>> deny message = Recipient verification failed.
>> condition = ${if !eq{$acl_m_VER}{}}
>>
>> Can you explain please ?
>An Exim "verify" run goes through the Routers in order, testing them in
>"verify" mode. It skips those with "no_verify" (as opposed to actual
>routing, which skips those with "verify_only").
>By default, when Exim encounters an smtp transport, it stops at that
>point and considers an address verified. The "/callout" means "try the
>transport in callout mode" (which is much more limited).
>So "verify = recipient" -> "verify = recipient/callout" means that
>verification will include making SMTP connections, as warranted.
>Thus the importance of using some "domains" restrictions, to keep from
>being abusive.
Ok, I got the picture. I didn't understand why Exim would go through the
routers.
Thanks for the explanation, that was pretty clear.
