After working on configuring Exim for BATV for a while and running into some 
problems, I wanted to pass on my configuration that got me working.  Some of 
the information out there is a little out of date and it may help someone 
else to have a whole list of changes necessary.

I'm somewhat of an Exim newcomer so some things may be wrong - corrections or 
comments are welcome; most of this I have cobbled together from multiple 
sources on the web.

This setup is for the newer/newest draft of BATV where the format of the 
address is: [EMAIL PROTECTED]
This means that comments in the documentation about this stanza 
  deny    message       = Restricted characters in address
              domains       = +local_domains
              local_parts   = ^[.] : [EMAIL PROTECTED]/|]
are no longer valid since BATV now uses '=' instead of '/'.

Note, one addition that I may make in the future is to add a check for the 
number of recipients - real bounces go to only one destination. For automated 
messages to multiple recipients with a null MAIL FROM, my configuration 
below would block these; so a line with something like this:
  !condition = ${if >{$rcpt_count}{1}}
would have to be added to the deny BATV unsigned bounces paragraph.


# Main section
...
BATVKEY = something
...



# ACLs
acl_check_rcpt:
   ...
  ## I put the BATV ACL at the end
  # check that BATV signature is valid
  deny    message       = invalid or expired BATV signature 
          # Match null sender messages (DSN)
          senders       = : 
          control       = caseful_local_part 
          condition     = ${prvscheck [EMAIL PROTECTED] 
          !condition    = $prvscheck_result 
          control       = caselower_local_part 

  # deny BATV unsigned bounces
  deny    message       = bounce is not BATV signed  
          senders       = : 
          condition     = ${if !match{$local_part}{^prvs=}}



# Routers
begin routers
  ## put the BATV routers at the top
# I believe this is so that outbound (non-local) mail is BATV signed
dnslookup_batv:
  driver = dnslookup
  condition = ${if match_domain{$sender_address_domain}{+local_domains}}
  domains = ! +local_domains
  transport = external_smtp_batv
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8

# I believe this is so the recipient address would be decoded
batv_redirect:
  driver = redirect
  data = ${prvscheck [EMAIL PROTECTED]
...



# Transports
begin transports
...
# (I believe that the placement of the transport stanza does not matter)
external_smtp_batv:
  driver = smtp
  return_path = ${prvs {$return_path}{BATVKEY}}
...

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
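
Added example, not part of the original post and not Exim's own code: a Python model of what the two deny stanzas decide for one RCPT command, including the recipient-count exemption mentioned in the note. It assumes the prvs tag layout of the BATV draft (key digit, three-digit expiry day, six hex digits of HMAC-SHA1); the key, the 7-day lifetime and all function names are constructed, and the tags are not guaranteed to be byte-compatible with Exim's ${prvs}.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # stands in for BATVKEY (constructed value)
LIFETIME = 7                   # days a tag stays valid (assumption)
PRVS = re.compile(r"^prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)$")

def _tag(key_num, day, addr):
    # First 3 bytes (6 hex digits) of HMAC-SHA1 over K, DDD and the address.
    msg = f"{key_num}{day:03d}{addr}".encode()
    return hmac.new(KEY, msg, hashlib.sha1).hexdigest()[:6]

def sign(addr, today, key_num=0):
    """Build a prvs-tagged return path; `today` is days since 1970."""
    local, domain = addr.rsplit("@", 1)
    day = (today + LIFETIME) % 1000
    return f"prvs={key_num}{day:03d}{_tag(key_num, day, addr)}={local}@{domain}"

def verify(rcpt, today):
    """Return the original address for a valid, unexpired tag, else None."""
    local, _, domain = rcpt.rpartition("@")
    m = PRVS.match(local)  # case-sensitive, as with caseful_local_part
    if not m:
        return None
    key_num, day, tag = int(m[1]), int(m[2]), m[3]
    addr = f"{m[4]}@{domain}"
    if not hmac.compare_digest(tag, _tag(key_num, day, addr)):
        return None
    if (day - today) % 1000 > LIFETIME:  # expiry day wraps modulo 1000
        return None
    return addr

def rcpt_decision(sender, rcpt, today, rcpt_count=1, allow_multi=False):
    """Model of the two deny stanzas for one RCPT command."""
    if sender != "":
        return "pass"  # 'senders = :' only matches the null sender
    if rcpt.startswith("prvs="):
        # Malformed tags are treated as invalid in this model.
        if verify(rcpt, today):
            return "pass"
        return "deny: invalid or expired BATV signature"
    if allow_multi and rcpt_count > 1:
        return "pass"  # the recipient-count exemption from the note
    return "deny: bounce is not BATV signed"
```
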
