Re: [exim] Configuring unauthorised sender responses

Top Page
Delete this message
Reply to this message
Author: Merlin Hartley
Date:  
To: Jeremy Harris
CC: exim-users
Subject: Re: [exim] Configuring unauthorised sender responses
Thanks Jeremy

Sounds like ACL is likely to be the right place for this - but I have about a hundred lists some of which have an Allow file and it isn’t a separate domain to our mailboxes… seems complex…

Honestly I never really looked at ACLs I just use the defaults and write new routers when I want new functionality ;)

I probably have some reading ahead of me!


Merlin


--
Merlin Hartley
Computer Officer
MRC Mitochondrial Biology Unit
University of Cambridge
Cambridge, CB2 0XY
United Kingdom

> On 11 Jan 2018, at 12:36, Jeremy Harris <jgh@???> wrote:
>
> On 11/01/18 12:14, Merlin Hartley wrote:
>> We use a simple list system (that I wrote a few years ago) which pulls data out of our HR database and creates files containing e-mail addresses (router described below) - which has an option to restrict the senders for submission to the list.
>> When a message is from an authorised sender it is delivered to the list - when the sender is not on the Allow list the message drops through to the next router and therefore ends up at the last router which has a ‘cannot_route_message’.
>>
>> So far this sounds fine, the problem occurs when an intermediate MTA (e.g. our edge servers which I don’t control) tries to deliver a message with an unauthorised sender - this failure is then cached and no more messages to that list are accepted (even with authorised senders).
>>
>> I expect I should be checking the senders in a different way and giving a different response code in cases where the sender is unauthorised - so that intermediate MTAs don’t cache the result for this recipient…
>>
>> Does anyone have any pointers for me?
>
> I assume you're doing recipient verify, from the RCPT ACL - although the
> router call is then checking the sender - so the intermediate MTA is
> getting an SMTP-time rejection for the RCPT TO... which is your ML
> submission address. As opposed to doing an accept-and-bounce.
>
> Could you reject in the MAIL ACL instead?
> --
> Cheers,
> Jeremy
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/