exim default config question

[David Woodhouse]

On Fri, 2005-02-25 at 01:45 +0100, Cream wrote:
>
>accept  domains         = +relay_to_domains
>        endpass
>        verify          = recipient
>
>Whats going on here? how is it verifying recipients on another server?

In that case it's simply verifying that it can route messages to the
other server -- it's not verifying individual recipients at all. 

Synchronising user lists is outside the scope of the default
configuration, but the simple option is to do a callout to the primary
MX to verify that the recipient actually exists. Obviously that doesn't
help if the primary MX is down, but it does help with the common spammer
trick of just sending crap to the backup on the basis that it's more
likely to accept it. You can change the above to:

	accept domains = +relay_to_domains
	       endpass
	       verify = recipient/callout=use_sender,defer_ok

Going to http://www.exim.org/exim-html-4.40/doc/html/spec.html then
selecting 'V' in the Concept Index then 'verifying:address, options for'
will get http://www.exim.org/exim-html-4.40/doc/html/spec_38.html#IX2434
which explains the callout options in more detail -- basically this
attempts an SMTP callout to the primary MX using the same source and
destination mail addresses, and rejects the incoming mail if the primary
MX doesn't like the (sender,recipient) pair. If the primary is down, the
defer_ok option means that it'll accept the mail and queue it.

If the primary is one of the versions of Exchange which can't (or
doesn't) do rejection at SMTP time properly, then the above won't help
and you have to use an LDAP query for verifying addresses. See sample
configuration 'C043' in the FAQ.

-- 
dwmw2