Re: [exim] Recipient verify only for non-authenticated users

Author: W B Hacker
Date:
To: exim users
Subject: Re: [exim] Recipient verify only for non-authenticated users
Colin wrote:
>
> On 26/10/2011 12:38, Colin wrote:
>>
>>
>> Hi folks,
>>
>> The default Exim configuration has "require verify = recipient" in
>> acl_check_rcpt.
>>
>> I'm having problems with Outlook users where they send a message to 20
>> people and the smtp session for the whole message gets rejected
>> because one message exhibits a temporary failure. The most notable
>> one is "host lookup did not complete".
>>
>> I was hoping to disable recipient verification for authenticated users
>> on the basis that these messages would go into Exim queues, be
>> delivered to valid recipients and the failed ones returned when the
>> retry time expires.
>>
>> Can anyone suggest what is needed to modify the line to do this, or
>> alternatively a way to prevent the whole SMTP session from being
>> rejected when only one recipient gets this error?
>>
>> Thanks,
>> Colin.
>>
>
> Apparently something is amiss.
>
> According to my ACL, authenticated users should not be subject to the
> recipient verification.
>
> I have this earlier in the ACL so the message should be accepted before
> it gets to the recipient verification.
>
> accept hosts = *
> authenticated = *
>
> To test, I have commented out the recipient verification from exim.conf
> and restarted exim. The message still gets rejected.
>
> I can see from my frontend server logs that the message gets rejected at
> RCPT TO time so it can't be any later ACLs.
>
> Google is not my friend on this one as trying to find anything about
> "host lookup did not complete" comes back with billions of people with
> misconfigured DNS. That is not my problem, I want Exim to accept
> messages with temporary failures from authenticated users.
>
> I guess another setting is required so I will keep searching...
>


A host lookup (of any kind..) should NOT be called for on submission
port 587.

The typical user pool will be on broadband or dial-up and have neither a
proper PTR RR nor DNS 'chain' that Exim (fairly forgiving and persistent
at 'finding a way') is able to vet as smtp-useful.

You need to grep-out that clause and modify what is around it.

Here are a couple of examples for making exceptions on a similar issue.

====
deny
     condition   = ${if eq{$interface_port}{25}}
     !verify     = reverse_host_lookup
===


deny
     !condition   = ${if eq{$interface_port}{587}}
     !verify     = reverse_host_lookup


===

Don't forget to also cast a glance at local IP whitelists or such
BEFORE hitting anything as draconian as these - or as another included
!condition on hit.

May also need a 'pass' for authorized relays and DNS-less boxen, such as
file archivers ELSE their cron reports can be blocked...

Bill

--
韓家標
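
Added example, not part of the original message or of any configuration posted in the thread: one way to order the checks discussed above in a single RCPT ACL, so that whitelisted hosts and authenticated submitters are accepted before the port-25 reverse-lookup check and before recipient verification. It assumes the named lists +relay_from_hosts, +local_domains and +relay_to_domains are defined as in Exim's default configuration.

```exim
# Added illustration: constructed acl_check_rcpt fragment, not from the thread.
# Assumption: the named lists (+relay_from_hosts, +local_domains,
# +relay_to_domains) are defined as in Exim's default configuration.

acl_check_rcpt:

  # 1. Whitelisted local/relay hosts first (cron mailers, DNS-less boxes),
  #    so they never reach the reverse-lookup check below.
  accept  hosts         = +relay_from_hosts
          control       = submission

  # 2. Authenticated submitters are accepted before any host lookup or
  #    recipient verification; the message is queued and undeliverable
  #    recipients are bounced once the retry time expires.
  accept  authenticated = *
          control       = submission

  # 3. Reverse-lookup check confined to port 25 (first example in the
  #    message). Conditions are tested in order, so the lookup is only
  #    attempted when the port condition is true.
  deny    condition     = ${if eq{$interface_port}{25}}
          !verify       = reverse_host_lookup

  # 4. Unauthenticated traffic: no relaying, and the recipient must verify.
  require message       = relay not permitted
          domains       = +local_domains : +relay_to_domains

  require verify        = recipient

  accept
```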