Solved

exim relay questions

Posted on 2010-01-12
Last Modified: 2015-06-08
hi,

i have an exim/spamassassin/clamav email relay running in front of my exchange 2010 server.

so mail is routed through this relay server and forwarded to my exchange server using remote_smtp transport in 200_exim4-config_primary

i have these two problems:

1. if someone sends a mail to thisuser@mylocaldomain.com from thatuser@mylocaldomain.com and thisuser@mylocaldomain.com does not exist, the mail goes into a mailloop

there should be an easy way to block this using an acl like mail from external with local senderdomain is denied.

2. i want to use a textfile on the relay to enter valid local recipients (like user1@mylocaldomain.com, anotheruser@mylocaldomain.com) there. mails to local recipients not in this list should be rejected as early in the smtp communication as possible

thx

richard
Question by:edvc
9 Comments
 
LVL 1

Author Comment

by:edvc
ID: 26312375
no ideas anybody?

thx

richard
0
 
LVL 26

Expert Comment

by:jar3817
ID: 26329040
"1. if someone sends a mail to thisuser@mylocaldomain.com from thatuser@mylocaldomain.com and thisuser@mylocaldomain.com does not exist, the mail goes into a mailloop"

This condition really should never come up if this server is just a relay. I would assume your users would be set up as Exchange clients (receiving and sending directly from Exchange) and only mail addressed to an external recipient would go to the exim relay for it to deliver. Exchange would catch the unknown user and immediately send back an NDR before it ever gets to the relay.

Maybe there is more to your setup than I can see right now...
0
 
LVL 2

Expert Comment

by:sappsys
ID: 26396342
For number 2 :-

Put something like this in your rcpt ACL

# Incoming
  accept  domains       = mylocaldomain.com
          endpass
          message       = No Authorisation (RCPT) (allowed.users)
          recipients    = lsearch;/etc/exim/allowed.users

allowed.users file :-
user1@mylocaldomain.com:
user2@mylocaldomain.com:
user3@mylocaldomain.com:
0
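Added example (not part of the thread, and not sappsys's configuration): one way to cover both of the asker's points in a single RCPT ACL, rejecting spoofed local senders and unlisted local recipients before the relay accepts anything. The hostlist `relay_from_hosts` is an assumption; it is taken to contain the Exchange server and any other internal senders.

```exim
# Added example. Assumptions: the hostlist relay_from_hosts (not shown in the
# thread) contains the Exchange server and other internal senders; the list
# file is the /etc/exim/allowed.users file from the post above.

acl_check_rcpt:

  # Problem 1: a host that is neither internal nor authenticated must not use
  # our own domain as envelope sender. This must come before any accept.
  # Caveat: outside forwarders that keep the original envelope sender are
  # rejected too when one of our users writes to a forwarded address.
  deny    message        = Sender domain is local but sending host is not
          sender_domains = mylocaldomain.com
          !hosts         = +relay_from_hosts
          !authenticated = *

  # Problem 2: refuse unknown local recipients at RCPT time, so the relay
  # never queues the message and never has to generate a bounce.
  deny    message        = Unknown user
          domains        = mylocaldomain.com
          !recipients    = lsearch;/etc/exim/allowed.users

  # Listed recipients in our domain are accepted for forwarding to Exchange.
  accept  domains        = mylocaldomain.com

  # Internal hosts may relay outbound mail to any domain.
  accept  hosts          = +relay_from_hosts

  # Default action.
  deny    message        = relay not permitted
```

Both rules can be checked without delivering mail by running Exim with `-bh` and a test client IP address, which opens a simulated SMTP session evaluated against the ACLs.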
 
LVL 2

Expert Comment

by:sappsys
ID: 26396357
For Number 1 :-

I would have to see your config file, and see the errors in the log file that were subsequently generated when you tried emailing a user that did not exist.

I suspect something like your Exchange server is 550'ing the email and your front end email servers aren't coping with that too well.
0
 
LVL 2

Expert Comment

by:sappsys
ID: 26396384
I would always make the default action of my ACLs to be a deny with a series of accept rules that make sure only emails I'm happy with pass.

This would transparently pass on the decision for the users existing to your Exchange server by insisting a verify callout is made before your relay accepts the email:-

acl_check_rcpt:
  # Refuse any recipient whose local part is root
  deny    message       = Root not allowed
          local_parts   = root

  deny    message       = Restricted characters in address
          domains       = +relay_to_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  accept  local_parts   = postmaster
          domains       = +relay_to_domains

  # Discard non-existent users
  discard !verify        = recipient/callout=1m,defer_ok

  # Accept recipients in the relayed domains that passed the callout
  accept  domains       = +relay_to_domains

  deny    message       = relay not permitted

This may do what you want a little better than having to maintain a user list on your relays.
0
 
LVL 1

Author Comment

by:edvc
ID: 26518361
sorry for the late response. i didn't get a response by mail.

i'll check this out in the next days and come back to you

thx

richard
0
 
LVL 1

Accepted Solution

by:
edvc earned 0 total points
ID: 33877968
so, month later i fixed it using a totally different solution.

i used vexim to manage local mail accounts and created aliases to forward the mail to my internal systems.

e.g.

someone@domain.com goes to someone@domain.local

exchange user has both addresses and sends with the @domain.com one.

you can have catchall accounts, local mailboxes on exim (roundcube is a nice webmail interface) and aliases with no local storage on the exim server.

thx

richard
0
 
LVL 2

Expert Comment

by:sappsys
ID: 33882602
Glad you got a solution that works for you :)
0
 
LVL 1

Author Closing Comment

by:edvc
ID: 40817774
"selfsolved" using another way
0


Question has a verified solution.
