Re: [exim] Recipient Verification Bypassed

Author: Drav Sloan
Date:  
To: Rical Jasan
CC: exim-users
Subject: Re: [exim] Recipient Verification Bypassed
Rical Jasan wrote:

[snip]

> 2016-11-27 23:35:54 [7002] cwd=/var/local/spool/exim 3 args:
> /usr/local/sbin/exim -Mc 1cBGTh-0001ou-9V
> 2016-11-27 23:35:54 [7002] 1cBGTh-0001ou-9V ** user@???
> F=<Honeycutt_Otis@???> P=<Honeycutt_Otis@???>
> R=dovecot T=lmtp: LMTP error after RCPT TO:<user@???> 550 5.1.1
> <user@???> User doesn't exist: user@???


Given that the final delivery point is LMTP, I assume you are delivering
onto something like Cyrus IMAP?

In which case, your router which delivers onto the LMTP process will probably
not do local_part verification, which causes the recipient/callout to work
for any local_part.

You can verify that by doing:

exim -bt somefakelocal_part@???

(and use the additional -d+all argument to exim if you want to see debugged
processing of that routing). I think you will find it will say that all
addresses (valid or not) are deliverable.

You can add an additional check in your acl_check_rcpt, which can validate
that a user exists for a Cyrus domain with something like:

  deny domains = +local_domains
    !condition = ${run {/usr/sbin/mbpath -q -s user.$local_part}{true}{false}}


If you use address suffixes, you can work around it with something like:

  # Get the local part minus any suffixes
  warn set acl_m9 = ${sg{${lc:$local_part}}{[+-].+\$}{}}

  deny domains = +local_domains
    !condition = ${run {/usr/sbin/mbpath -q -s user.$acl_m9}{true}{false}}


Note, use of mbpath requires exim to have permission to read the Cyrus
mailboxes.db file for this command to work properly.

Also make sure $acl_m9 is not used by some other ACL :)

Regards

D.
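
Added example, not part of the original message: a Python emulation of the suffix-stripping ACL above, showing which mailbox name ends up being checked for a few recipient local parts. The mailbox set is constructed sample data standing in for the mbpath lookup, and the function names are hypothetical.

```python
import re

# Constructed sample data: stands in for what `mbpath -q -s user.<name>`
# would find in the Cyrus mailboxes.db. Not taken from the original message.
MAILBOXES = {"user.alice", "user.jean-luc"}


def base_local_part(local_part: str) -> str:
    """Emulate ${sg{${lc:$local_part}}{[+-].+\\$}{}} from the ACL.

    Lowercase first, then delete everything from the first '+' or '-'
    that is followed by at least one more character.
    """
    return re.sub(r"[+-].+$", "", local_part.lower())


def rcpt_decision(local_part: str, mailboxes=MAILBOXES) -> str:
    """Emulate the deny rule: reject unless user.<stripped part> exists."""
    mailbox = "user." + base_local_part(local_part)
    return "accept" if mailbox in mailboxes else "deny"


if __name__ == "__main__":
    # Constructed recipient local parts covering the edge cases.
    samples = [
        "Alice+lists",  # suffix stripped, case folded -> user.alice
        "nosuchuser",   # no mailbox -> denied at RCPT time
        "jean-luc",     # '-' is treated as a separator -> user.jean is checked
        "alice+",       # bare trailing separator is not stripped
        "+tag",         # leading separator leaves an empty name -> "user."
    ]
    for lp in samples:
        print(f"{lp!r:15} checks user.{base_local_part(lp):10} -> {rcpt_decision(lp)}")
```

Because the pattern treats both `+` and `-` as separators, a mailbox whose name itself contains a hyphen is looked up in truncated form and rejected; on such a site the character class would need to be narrowed to the separator actually in use.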