Renaud Allard wrote:
I am trying to make my fallback mail server reject mail for non-existent users during SMTP, so I want to do recipient verification callouts to the primary mail server.

The problem is, that the fallback also relays mail for some domains that have different primary servers, and I don't want to do callouts to those servers. Is there a way to restrict verification callouts to certain hosts? The fallback does not have any authoritative knowledge about which domains end up at OUR primary, that is decided during routing exclusively.

An ACL statement like:

    verify = recipient/callout=10s,defer_ok

does the verification routing and the callout to the resulting target host at once, so I can't fix this in the ACL. I haven't found anything useful in the chapter about callout parameters in the manual. Any suggestions?

Just add a line in your ACL

    domains = domain1.tld : domain2.tld
    verify = recipient/callout=10s,defer_ok

Well, the problem was, like I wrote earlier, that this server didn't really know which domains qualify for a callout and which don't.
One option would be to have the fallback set up a list of local domains in the same way the primary does. The domains are in MySQL anyway. If I did that, the method above would work.

There are some drawbacks:

1. If I can set up a list of local domains this way, I can also check the final recipient directly from the database (although that would be harder), so I wouldn't actually need a callout.

2. In the future, I may not have the option described above, because some day we might add a fallback server that does not have access to our mail server database.

3. A small issue, but something I was hoping I could avoid: suppose a certain domain was once local to our primary mail server. Now, the client sets up his own mail server somewhere, changes the lowest MX, but still uses our fallback (with permission). Now, if we forget to delete the domain from our mail server database, the fallback will accept or deny mail based on the old data that is in our database. If there was a check for the actual target somewhere, this could be prevented.

Best regards,
Martijn Grendelman
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
