rejecting mail instead of failing it

[GOT]

Yup! Can't wait to try it out!

Thanks!

[Huminie]

Well, I guess I just feel like a dork then since I can't get this to work. Everything you say makes perfect sense, and it all looks good to me, but it just doesn't work. My server still gives a 250 for "rcpt to:<reallybogususer@mydomain.com> even after these changes.

Here is what I have:


accept domains = +local_domains
endpass
message = unknown user
verify = recipient
accept domains = +relay_domains
accept hosts = +relay_hosts
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *


If this looks ok, is there anything else I could be missing? Sorry to be such a pain, but this is getting a bit frustrating for me.

[cyberspirit]

Huminie,
Send me your /etc/exim.conf file via PM and I will take a look at it.

[Huminie]

The file is too long to PM. Can you PM me an email addy?

Thanks for your help!

[Website Rob]

Originally posted by Huminie
The file is too long to PM. Can you PM me an email addy?

Thanks for your help!

Couldn't you have just sent the question to cyberspirit via a PM?

Come on guys, we don't want to read about you two having PM problems.

[jbix9]

This works awesome. I've been testing it out and it's working out so far. This should help the load greatly. Yes, this should be the default Cpanel setting. Thanks Cyberspirit!

[critter]

Is there some way using this system to check if the "senders" email addy is valid. If we could do this it would really cut down on spam.

[cyberspirit]

Gerry,
Before you go into the advanced exim configuration manager in WHM there is actually a check box to verify sender. Check this and save and you are ready to go.

[critter]

Just a lowley reseller ... looks like I don't have access to Exim, I'll hafta ask my host if that function is enabled.

Thanks though.

[BuffaloWeb]

Hmm... this doesn't seem to be working for me. Here is everything I have in the ACL (from WHM/advanced exim config editor):

================================

#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :


# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}


# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}



require verify = sender
accept domains = +local_domains
endpass
message = The requested mailbox does not exist
verify = recipient
accept domains = +relay_domains
accept hosts = +relay_hosts
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *

deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.


#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept

================================

Am I doing something wrong here? Is there something else in the ACL that is overriding the "endpass, message = The requested mailbox does not exist, verify = recipient" bit?

Maybe I am just not thinking clearly on how I would verify that it's working?:

I am sending an email to an invalid address, eg bademail@buffalowebhosting.com and expecting to see a message back that says "The requested mailbox does not exist". But that's not happening (trying to send these from several accounts not on this server). Maybe someone can try emailing that address and let me know if they get an email back that says "The requested mailbox does not exist"?

Also, what should the "default" email address be set to? :blackhole:? :fail:? Or will this override individual handling?


Your help is appreciated!

[BuffaloWeb]

Ok, something's not right... following the instructions above and using:

require verify = sender
accept domains = +local_domains
endpass
message = mailbox does not exist
verify = recipient
accept domains = +relay_domains
accept hosts = +relay_hosts
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

It seems that CPanel is STILL managing what happens to mis-addressed incoming mail, NOT this ACL. Depending on how the default is set in CPanel for each domain, with either "username", blackhole, fail, for example, the mis-addressed mail either gets delivered to "username", blackhole, or fails. Interestingly, if I set the default to fail, the message from the ACL is sent, but the whold dang purpose of this ACL is to BYPASS CPanel's handling of mis-addressed mail, right?

[bigjohn]

Originally posted by cyberspirit
Gerry,
Before you go into the advanced exim configuration manager in WHM there is actually a check box to verify sender. Check this and save and you are ready to go.

does that cause the mail agent to verify the sender of INCOMING mail? If that is true, then a TON of spam could be axed.

John

[GOT]

It checks the TO filed to make sure that the account exists. If it does not (or it is set to :fail then Exim will reject it before it even receives it.

It is the greatest tweak ever found!

[bigjohn]

Originally posted by GotHosting
It checks the TO filed to make sure that the account exists. If it does not (or it is set to :fail then Exim will reject it before it even receives it.

It is the greatest tweak ever found!

ahh, I think my host has that enabled already.

I was hoping that it validated the sender - so that x70lxw488s@yahoo.com (and all the similar random pattern sender names...) got killed before accepting them!

John

[BuffaloWeb]

Can anyone answer this for me - I think I must ahve something confused...

With the ACL changes from above in place, it seems that CPanel is STILL managing what happens to mis-addressed incoming mail on my server, NOT the ACL. Depending on how the default is set in CPanel for each domain ("username", blackhole, fail), the mis-addressed mail gets delivered to "username", blackhole, or fails respectively. Interestingly, if I set the default in CPanel to fail, the message I put in the "message =" string of the ACL is sent!

The purpose of this ACL is to BYPASS CPanel's handling of mis-addressed mail, right? If so, than why is the above happening?