[Pkg-exim4-users] Re: Bug#379155: please add an option to verify recipient first

Robert Millan rmh at aybabtu.com
Mon Jul 24 13:56:27 UTC 2006 

On Mon, Jul 24, 2006 at 10:39:38AM +0200, Marc Haber wrote:
> 
> Probably, it might be acceptable to do early recipient verification
> for messages that have neither been delivered authenticated nor
> delivered from a host that we relay from.

Yup. Sounds much better to me, too.

> Depending on how ugly this
> configuration gets, this might be acceptable as a default. I'd like to
> hear some comments from exim-users first though.

I propose the attached patch.  CCing exim-users too.

-- 
Robert Millan

My spam trap is honeypot at aybabtu.com.  Note: this address is only intended for
spam harvesters.  Writing to it will get you added to my black list.
-------------- next part --------------
Index: debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
===================================================================
--- debian/debconf/conf.d/acl/30_exim4-config_check_rcpt	(revision 1510)
+++ debian/debconf/conf.d/acl/30_exim4-config_check_rcpt	(working copy)
@@ -22,11 +22,6 @@
   # MTAs and submissions from MUAs you should probably split them into two
   # lists, and handle them differently.
 
-  # Recipient verification is omitted here, because in many cases the clients
-  # are dumb MUAs that don't cope well with SMTP error responses. If you are
-  # actually relaying out from MTAs, you should probably add recipient
-  # verification here.
-
   # Note that, by putting this test before any DNS black list checks, you will
   # always accept from these hosts, even if they end up on a black list. The
   # assumption is that they are your friends, and if they get onto black
@@ -47,6 +42,13 @@
     control = submission/sender_retain
 
 
+  # Recipient verification is very cheap, so we do it before the other checks.
+  # But, not before verifiing that we aren't being used as relay, because in
+  # many cases the clients are dumb MUAs that don't cope well with SMTP error
+  # responses.
+  deny
+    !verify = recipient
+
   # The following section of the ACL is concerned with local parts that contain
   # certain non-alphanumeric characters. Dots in unusual places are
   # handled by this ACL as well.
@@ -276,8 +278,6 @@
 
   accept
     domains = +local_domains
-    endpass
-    verify = recipient
 
 
   # Accept if the address is in a domain for which we are an incoming relay,
@@ -285,8 +285,6 @@
 
   accept
     domains = +relay_to_domains
-    endpass
-    verify = recipient
 
 
   # Reaching the end of the ACL causes a "deny", but we might as well give

More information about the Pkg-exim4-users mailing list