• Status: Solved

exim relay questions

hi,

i have an exim/spamassassin/clamav email relay running in front of my exchange 2010 server.

so mail is routed through this relay server and forwarded to my exchange server using remote_smtp transport in 200_exim4-config_primary

i have these two problems:

1. if someone sends a mail to thisuser@mylocaldomain.com from thatuser@mylocaldomain.com and thisuser@mylocaldomain.com does not exist, the mail goes into a mail loop

there should be an easy way to block this using an acl like mail from external with local senderdomain is denied.

2. i want to use a textfile on the relay to enter valid local recipients (like user1@mylocaldomain.com, anotheruser@mylocaldomain.com) there. mails to local recipients not in this list should be rejected as early in the smtp communication as possible

thx

richard
 
edvc (Author) Commented:
no ideas anybody?

thx

richard
 
jar3817 Commented:
"1. if someone sends a mail to thisuser@mylocaldomain.com from thatuser@mylocaldomain.com and thisuser@mylocaldomain.com does not exist, the mail goes into a mail loop"

This condition really should never come up if this server is just a relay. I would assume your users would be set up as Exchange clients (receiving and sending directly from Exchange) and only mail addressed to an external recipient would go to the exim relay for it to deliver. Exchange would catch the unknown user and immediately send back an NDR before it ever gets to the relay.

Maybe there is more to your setup than I can see right now...
 
sappsys Commented:
For number 2:

Put something like this in your rcpt ACL

# Incoming
  accept  domains       = mylocaldomain.com
          endpass
          message       = No Authorisation (RCPT) (allowed.users)
          recipients    = lsearch;/etc/exim/allowed.users

allowed.users file:
user1@mylocaldomain.com:
user2@mylocaldomain.com:
user3@mylocaldomain.com:
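A sketch of RCPT-time rules covering both of the asker's points: refusing outside hosts that claim a local sender domain, and checking recipients against the allowed.users file from the answer above. This is an added example, not configuration from any poster in this thread. It assumes the relay_to_domains domain list and relay_from_hosts host list are already defined in the main configuration and that relay_from_hosts contains the Exchange server.

```exim
# Added example (not from the thread).
# Assumed to exist in the main section:
#   domainlist relay_to_domains  -> contains mylocaldomain.com
#   hostlist   relay_from_hosts  -> contains the Exchange server and localhost

acl_check_rcpt:

  # Point 1: a host that is neither a trusted relay client nor authenticated
  # may not use a local domain in MAIL FROM. The empty bounce sender (<>)
  # has no domain and is not affected. Outside services that legitimately
  # send with the local domain would also be refused unless they are added
  # to relay_from_hosts or authenticate.
  deny    message        = Sender domain not accepted from this host
          sender_domains = +relay_to_domains
          !hosts         = +relay_from_hosts
          !authenticated = *

  # Point 2: refuse unknown local recipients while the SMTP session is still
  # open, so the sending server gets a 5xx at RCPT and no bounce has to be
  # generated later. The file uses the same format shown in the answer:
  # one full address per line, terminated by a colon.
  deny    message        = Unknown user
          domains        = +relay_to_domains
          !recipients    = lsearch;/etc/exim/allowed.users

  # Listed recipients in the relayed domain are accepted from anywhere.
  accept  domains        = +relay_to_domains

  # Trusted hosts (the Exchange server) may relay to external domains.
  accept  hosts          = +relay_from_hosts

  # Default action: everything else is refused.
  deny    message        = relay not permitted
```

The rules can be exercised without delivering any mail by running exim -bh with a test client address (exim4 -bh on Debian), which steps through a fake SMTP session and prints each ACL decision.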
 
sappsys Commented:
For number 1:

I would have to see your config file, and see the errors in the log file that were subsequently generated when you tried emailing a user that did not exist.

I suspect something like your Exchange server is 550'ing the email and your front end email servers aren't coping with that too well.
 
sappsys Commented:
I would always make the default action of my ACLs a deny, with a series of accept rules that make sure only emails I'm happy with pass.

This would transparently pass the decision on whether the user exists to your Exchange server, by insisting that a verify callout is made before your relay accepts the email:

acl_check_rcpt:
  # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
  deny    message       = Root not allowed
          local_parts   = root

  deny    message       = Restricted characters in address
          domains       = +relay_to_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  accept  local_parts   = postmaster
          domains       = +relay_to_domains

  # Discard non-existent users
  discard !verify        = recipient/callout=1m,defer_ok
  deny    message       = relay not permitted

This may do what you want a little better than having to maintain a user list on your relays.
 
edvc (Author) Commented:
sorry for the late response. i didn't get a response by mail.

i'll check this out in the next days and come back to you

thx

richard
 
edvc (Author) Commented:
so, month later i fixed it using a totally different solution.

i used vexim to manage local mail accounts and created aliases to forward the mail to my internal systems.

e.g.

someone@domain.com goes to someone@domain.local

exchange user has both addresses and sends with the @domain.com one.

you can have catchall accounts, local mailboxes on exim (roundcube is a nice webmail interface) and aliases with no local storage on the exim server.

thx

richard
 
sappsys Commented:
Glad you got a solution that works for you :)
 
edvc (Author) Commented:
"selfsolved" using another way