Re: [exim] Help with dropping spam e-mail.

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Help with dropping spam e-mail.
Hi Mark,

Heiko Schlittermann via Exim-users <exim-users@???> (Mo 14 Mai 2018 21:23:46 CEST):
> all messages destined to this address. (Ideally this is done
> automatically doing inbound recipient verification.)
>
> A fast (but ugly) solution until you got the right way, could be:
>
>
>     deny    message = This address didn't send mails ever.
>             senders = :
>             local_parts = please
>             domains = help.co.za


As you wrote, it works. Now we've time to discuss further measures.
It depends on your setup. I understand that you're relaying mails for
your customers' domains, here you're the relay for mails from and to
help.co.nz.

The most natural way is to check your inbound traffic at SMTP time for valid
AND existing recipients. The RCPT ACL is the ideal place for doing so.

In an ideal world your ACL can rely on the routers and can just do a

    require   verify = recipient


optionally with callout, in case the routers need to contact a remote
destination via SMTP:

    require    verify = recipient/callout=defer_ok,use_sender


But, as said, this relies on the router having information if the
recipient exists, or how to do the callout to the next hop. It won't
work for catchall destinations. If you insist on having catchall
destinations, you need other means to check if a given recipient address
exists.

For your special issue, being the victim of an as-sender-abused address,
you can employ BATV, bounce address tag verification. But this implies
that all the customers' outbound traffic passes your servers or(!) uses
the same BATV scheme as your server uses.

Which of the above seems to be most realistic to you?

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
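
The BATV idea from the message above, as an added example that is not part of the original post and is not Exim's own code: the relay signs the envelope sender of outbound mail, and at RCPT time a bounce (empty sender) is accepted only if its recipient carries a valid, unexpired tag. The tag layout is modelled on the common prvs form (key digit, three-digit expiry day, six hex digits of HMAC-SHA1); the secret, lifetime, function names and day numbers are constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: key known only to the signing relay
KEY_NUM = 0                          # single-digit key index carried in the tag
LIFETIME_DAYS = 7                    # validity of a signed return path


def _mac(expiry: int, address: str) -> str:
    """Six hex digits of HMAC-SHA1 over key number, expiry day and address."""
    msg = f"{KEY_NUM}{expiry:03d}{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]


def sign(address: str, today: int) -> str:
    """Envelope sender the relay writes on outbound mail (today = days since epoch)."""
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs={KEY_NUM}{expiry:03d}{_mac(expiry, address)}={address}"


def check_bounce_rcpt(rcpt: str, today: int, batv_senders: set) -> tuple:
    """Verdict for a recipient of a null-sender (bounce) message at RCPT time."""
    if not rcpt.lower().startswith("prvs="):
        if rcpt.lower() in batv_senders:
            return ("deny", "unsigned bounce to a BATV-protected address")
        return ("accept", "address not under BATV")
    try:
        _, tag, address = rcpt.split("=", 2)
        key_num, expiry, mac = int(tag[0]), int(tag[1:4]), tag[4:].lower()
    except (ValueError, IndexError):
        return ("deny", "malformed tag")
    if len(tag) != 10 or key_num != KEY_NUM:
        return ("deny", "malformed tag")
    if not hmac.compare_digest(mac.encode(), _mac(expiry, address).encode()):
        return ("deny", "bad signature")
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return ("deny", "signature expired")
    return ("accept", address)
```

Mail a customer sends without passing the signing relay leaves with an unsigned return path, so its genuine bounces hit the "unsigned bounce" branch; that is the dependency the message points out.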