Exim server configuration used as a backup mx record. Need to configure to avoid backscatter

Posted on 2009-04-22
Last Modified: 2012-05-06
Hi there.

I work for an ISP, and we provide a Linux exim mail server as a backup mx for our clients. The problem is that we are now being listed on backscatter lists as we are sending User unknown replies when we get that reply from the customer's email server.

This works fine most of the time but when forged 'from' email is sent our exim server is replying to that from address even though that from address didn't send the email in the first place.

How exactly can we fix this? We still want to provide a backup mx to our customers. Is there a way that we can configure exim to check a user exists first by opening a rcp session to their mail server before sending on email?

We cannot disable NDRs as that will prevent legitimate senders from getting NDRs to an old address.

Has anyone got any experience of this scenario at all?
Question by:Magyarke

    Expert Comment

    I remember having to do this for a mail gateway, otherwise we ended up with loads of frozen messages in the queue.

    As I recall, you would need a setup as follows:

    * Exim must be compiled with exiscan (this will allow it to run checks before it accepts the message).
    * Add your clients' domains to your relay_to_domains.
    * (Not sure if this step is absolutely necessary.) Set up your clients' mail servers in the hubbed_hosts file in your exim config directory. (Check your exim documentation for the syntax - I think it is the form: "" - one line per server.)
    * Have the following section in your acl_check_rcpt section (careful where you put this directive - order matters, i.e. if you use DNSBL or SPF checking, you would want to deny the message before it got to this check):
        domains = +relay_to_domains
        verify = recipient

    That should just about do it. However, you should consider that in the case of a backup mailserver, it would only be used when the primary mailserver is unavailable. If you are using the primary mailserver as your hubbed host (or not using a hubbed host at all), your backup mailserver would not accept mail for your client if the primary was offline, thus defeating the purpose of the backup mailserver.

    Depending on how your clients have set up their servers, you may be able to define a hubbed host that can accept mail (and thus verify that the recipient address is valid), and is not their primary incoming MX.

    You should also bear in mind that the configuration can be stored in different places depending on what flavour of Linux you are running, and whether you are using split config or not.

    Hope this helps you somewhat.

    Accepted Solution

    Just dug up an old config file and realise that I have missed one small but essential part:

    * Make sure your acl_check_rcpt has the following in it somewhere (Ubuntu has it there already):

        deny
          !acl = acl_local_deny_exceptions
          recipients = ${if exists{CONFDIR/local_rcpt_callout}\
                                  {CONFDIR/local_rcpt_callout}\
                            {}}
          !verify = recipient/callout

    * Create a file in your exim config directory called local_rcpt_callout with a list of domains that you wish to check recipient addresses for with one line per domain.

    Make sure you check your exim documentation for information on callouts.
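
What a recipient callout amounts to on the wire, and how its result maps to the reply the backup MX gives at RCPT time, as an added Python example that is not part of the original posts or of Exim. `FakePrimary`, the host names and the addresses are constructed for the demonstration; the `defer_ok` parameter mirrors Exim's callout option of that name and shows the trade-off when the primary is unreachable.

```python
import smtplib
import socketserver
import threading

VALID = {"alice@customer.example"}  # constructed mailbox list

class FakePrimary(socketserver.StreamRequestHandler):
    """Constructed stand-in for the customer's primary mail server."""
    def handle(self):
        self.wfile.write(b"220 primary.customer.example ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            reply = b"250 OK\r\n"
            if line.upper().startswith("RCPT TO:"):
                if line[8:].strip(" <>").lower() not in VALID:
                    reply = b"550 User unknown\r\n"
            elif line.upper().startswith("QUIT"):
                reply = b"221 Bye\r\n"
            self.wfile.write(reply)
            if reply.startswith(b"221"):
                return

def start_fake_primary():
    """Serve FakePrimary on a free loopback port; return (server, port)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakePrimary)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

def rcpt_decision(host, port, rcpt, defer_ok=False, timeout=5):
    """Reply the backup MX gives to RCPT TO after a recipient callout."""
    try:
        # "backup.isp.example" is a hypothetical name for the backup MX.
        with smtplib.SMTP(host, port, "backup.isp.example", timeout) as s:
            s.helo()
            s.mail("")                 # null sender, as used for bounces
            code, _ = s.rcpt(rcpt)     # the primary's verdict on the address
    except (OSError, smtplib.SMTPException):
        code = None                    # primary unreachable or misbehaving
    if code is not None and 200 <= code < 300:
        return "250 accept"
    if code is not None and 500 <= code < 600:
        return "550 reject"            # refused in-session: no bounce is generated here
    # Temporary failure: defer, or accept unverified and risk a later bounce.
    return "250 accept" if defer_ok else "451 defer"

if __name__ == "__main__":
    srv, port = start_fake_primary()
    for rcpt in ("alice@customer.example", "nobody@customer.example"):
        print(rcpt, "->", rcpt_decision("127.0.0.1", port, rcpt))
    srv.shutdown(); srv.server_close()
    print("primary down ->", rcpt_decision("127.0.0.1", port, "alice@customer.example"))
```

The "primary down" case is the situation described in the first comment: without `defer_ok` the backup defers mail during the outage, and with it the backup accepts recipients it could not check.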

    Author Comment

    Thanks Swanny. I'm back at work tomorrow and will be discussing this within the team. I'll let you know how it goes.
