Viktor Dukhovni <exim-users@???> (So 16 Nov 2014 23:47:44 CET):
…
> > One good and one bad:
> >
> > <- 220 [hidden] Exchange
> > -> EHLO nbox
> > <- 250-exchange.[hidden].de Hello [10.0.8.2]
> > ...
> > -> RCPT TO:<peter.[hidden]@foo.[hidden].de>
> > <- 250 2.1.5 Recipient OK
> > -> RCPT TO:<foo@foo.[hidden].de>
> > <- 250 2.1.5 Recipient OK
> > -> DATA
> > ...
> > -> .
> > <** 550 5.1.1 User unknown
>
> This is severely broken. Such a server must not be used to handle
> mail originating outside of Exchange without prior recipient
> validation (via LDAP, or similar) by a front-end gateway the
> processes multi-recipient mail correctly.
Validation via LDAP/AD imposes several problems, I think.
- The backend might have policies based on the sender.
- Unterstanding the AD structure of the Exchange (Forwardings,
Aliases, Groups, …) is probably not straight forward …
- The owner of the AD might have reasons not to expose the
directory or parts of it to the front-end gateway.
> This behaviour should be configurable and it should be possible
> to disable it.
Until now I didn't see any working solution. The admins of the backend
are working on it…
PS: I'm curious how the appliances (astaro, …) will handle this case. I
think, they rely on recipient callouts too…, I'm not sure though.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: 7CBF764A -
gnupg fingerprint: 9288 F17D BBF9 9625 5ABC 285C 26A9 687E 7CBF 764A -
(gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B)-
