[exim] verify = recipient, using virtual domains, rejects al…

Top Pagina
Delete this message
Reply to this message
Auteur: Phillip Carroll
Datum:  
Aan: exim-users
Nieuwe Onderwerpen: [exim] SOLVED - Re: verify = recipient, using virtual domains, rejects all local recipients
Onderwerp: [exim] verify = recipient, using virtual domains, rejects all local recipients
Using exim 4.80 on Centos 5.5.

My exim configuration uses virtual domain routers similar to shown in
chapter 49.7 of the current doc. This has been working perfectly for
about 10 years on several different servers I have migrated to over the
years. I have never used recipient verification, but instead have simply
bounced the email back to sender in the delivery phase.

Because of a recent spate of spam emails with forged senders, most of
which are also addressed to nonexistent local_parts, I would now prefer
to reject the emails at RCPT time. However, try as I may, I cannot get
"verify = recipient" to work. If I put this into the acl_check_rcpt ACL,
all email is rejected with "550 Unknown user xxx".

Somewhere in the manual I read that verify in an ACL uses the same
router sequence as used in delivery. Clearly it does not! Tearing my
hair out with this. Basically everything I thought I understood about
exim seems to be under suspicion. As usual, it seems there is what the
manual says...and then there is what the code actually does. I am hoping
that someone with deeper understanding of the inner mysteries of exim
can explain why unverified recipients are routed perfectly, but any
attempt to verify them rejects every recipient. And, can tell me a
workaround.

None of the redirect routers have "no_more", because all emails are
ultimately routed by the local_user router, using the final data from
the redirect routers.

Running exim from command line with -bh gives me no clues, as it routes
to all addresses perfectly, cascading down through all routers as
expected, finally routing to the actual local user. (By the way, no
local user id is ever used as an actual external email address, although
is used internally) I presume this -bh doesn't pay any attention to ACLs.

It would also be nice if someone can tell me how to test this kind of
issue without using the live system. Users tend to get cranky if their
mail is returned to sender.