Re: [exim] Verify outgoing email while using a smarthost

Top Page
Delete this message
Reply to this message
Author: Mike Brudenell
Date:  
To: Exim Users
CC: Jason
Subject: Re: [exim] Verify outgoing email while using a smarthost
Hi,

Exim is doing exactly what your routers are currently written to tell it do…

Your *verify_address* router is set (by the *verify_only*) to be used only
when verifying an address: for example, as you're doing when you use the
"-bv" command line option. If the DNS lookup says that the domain doesn't
exist then the router declines to handle the message and it falls through
to the next router.

The next router is *smarthost* which is set not to be used when verifying
(because you have given it *no_verify*). So when you're verifying there's
no later router that handles the address being verified so you get the
"Unrouteable address" result.

*However* when you're doing it for real then when *verify_address* finds a
domain that doesn't exist in the DNS and declines, the *smarthost* router
*does* run and do exactly what you tell it: send the message over to your
smarthost. (I've not used *host_find_failed* but suspect it applies if Exim
can't find IP addresses for the smarthost(s) you've defined in *route_list*,
not for the recipient address' domain.)

As it says in at the start of the *Specification* when describing a
*manualroute* router (emphasis by underlining mine)…

The *manualroute* router is so-called because it provides a way of manually
routing an address according to its domain. It is mainly used when you want
to route addresses to remote hosts according to your own rules, *bypassing
the normal DNS routing that looks up MX records*.


I have a feeling that you trying to check in your *smarthost* router whether
the MX records for the recipient address' domains are valid might be
unusual; it's easy to argue that should be the job of the smarthost rather
than yourself!

But if you're determined to do it then presumably you could use a

*${lookup dnsdb{mx=$domain}{$value}fail}*

(Someone else might be able to suggest an easier way of doing the check,
but this could be one way.)

Read the chapter *File and database lookups
<http://www.exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html>*
in the *Specification* for more on theis and other types of lookup.

Cheers,
Mike B-)

On 3 August 2016 at 14:10, Jason <silo82@???> wrote:

> Hi,
> Is it possible for Exim to verify outgoing mail when using a smarthost?
> Specifically, I'm looking to have Exim verify (using dnslookup) that the
> domain exists for the recipient. If the domain returns NXDOMAIN (or some
> other DNS error), defer it, if DNS exists, continue with the routing. I
> tried the following:
>
> # Verify the recipient domain exists in DNS before sending to the relay.
> verify_address:
> debug_print = "R: verify_address for $domain"
> driver = dnslookup
> domains = ! +local_domains
> verify_only
> no_more
>
> smarthost:
> debug_print = "R: smarthost for $local_part@$domain"
> driver = manualroute
> domains = ! +local_domains
> transport = remote_smtp_smarthost
> route_list = * DCsmarthost byname
> host_find_failed = defer
> same_domain_copy_routing = yes
> no_verify
> no_more
>
> And it seems to work during testing:
>
> # exim -bv someone@???
> someone@??? failed to verify: Unrouteable
> address
> # exim -bv someone@???
> someone@??? verified
>
>
> However, when sending a test message to an NXDOMAIN, exim happily forwards
> it to the smarthost:
>
> 2016-08-03 08:07:28 1bUvtQ-0007bm-Vh <= root@somehost U=root P=local S=486
> T="test"
> 2016-08-03 08:07:29 1bUvtQ-0007bm-Vh =>
> someone@??? R=smarthost T=remote_smtp_smarthost
> S=505 H=ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com [50.19.94.229]
> X=TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
> DN="C=US,ST=Washington,L=Seattle,O=Amazon.com\, Inc.,CN=
> email-smtp.us-east-1.amazonaws.com"
> 2016-08-03 08:07:29 1bUvtQ-0007bm-Vh Completed
>
> Is it possible for Exim to do outbound verification while using a
> smarthost? If so, what am I missing?
>
> Thanks
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/





--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm