Re: [exim] Verifying local addresses for inbound emails when…

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Sebastian Arcus
CC: exim-users
Subject: Re: [exim] Verifying local addresses for inbound emails when using Dovecot/pipe transport
On 2017-11-29 at 22:18 +0000, Sebastian Arcus via Exim-users wrote:
> Is there a way to build a router only for verification of local addresses
> for inbound messages? As far as I can tell, verify = recipient doesn't work
> when Exim delivers to Dovecot through dovecot-lda - as this always verifies
> the recipient (as long as the domain is in +local_domains) no matter what
> the local part is. I guess the only way is to construct an extra router,
> which does verification separately, maybe against a separate list of local
> addresses in a file?


Yes. Put "verify_only" on that Router, and "no_verify" on the delivery
Router, and have them adjacent in the configuration.

This is also a useful split if you have to send mail off to a smarthost
but are online and can do DNS lookups; eg "remote_dns_verify:" Router
with "same_domain_copy_routing" and "verify_only" immediately before
your "smarthost:" Router.

I'm surprised that dovecot-lda isn't verifying the recipient. You're
using it in LMTP mode right, so that Exim can talk to it? And if it's
an SMTP/LMTP Driver then you probably need to explicitly do
verify=recipient/callout in the ACL.

For myself, I deliver most mail to Cyrus and I cheat and use knowledge
of the backing filesystem layer, breaking the black box open, so I just
use one Router for delivery and verification, but it has:

require_files = IMAP_MAIL_BASE/${length_1::$local_part}/user/${tr{$local_part}{.}{^}}

for the user-address router, and a shared-folder router has:

require_files = IMAP_MAIL_BASE/${length_1::$local_part}/${lookup{$domain}cdb{CDBMAILTABLES/imap_shared_name.cdb}}/${tr{$local_part}{.}{^}}

This is indubitably "wrong and evil" from the Cyrus perspective, but
it's simple and clean and right from my postmaster perspective.

This should be doable for Dovecot too; or use Dovecot's user database in
a lookup: condition = ${lookup pgsql{SELECT whatever}{yes}{no}}
instead.

-Phil