#1 (permalink)  
Old 11-25-2003, 12:31 AM
Banned
 
Join Date: Jun 2003
Posts: 293
cyberspirit is on a distinguished road
rejecting mail instead of failing it

When you set in cpanel as default address ":fail: no such address here", Exim actually accepts the message and then sends a notification back.
This creates unnecessary load in the server from spammers sending from unknown addresses because a failure notice will come back.
Is there a way for Exim to actually verify if a mailbox exists before accepting the message?
Not accepting the message to begin with is better because it puts the burden and stress on the sending server and, in spammers' cases, slows down their machine instead of mine.
Other smtp servers do a check before accepting the message.
Any idea how to do it?
  #2 (permalink)  
Old 11-26-2003, 02:08 AM
Banned
 
Join Date: Jun 2003
Posts: 293
cyberspirit is on a distinguished road
Ok, so I did some testing and came up with a solution to this problem. I am just surprised this is not set as default in cpanel's exim configuration since it would cut down tremendously on unnecessary email traffic.

Here is what I changed in the ACLs in the Exim Advanced configuration in WHM: (The thing I changed is the addition to the accept domains = +local_domains rule; I added endpass to pass it on to the next rule if it fails, and the refusal message "unknown user" and the verify = recipient line. The rest is the same as it is by default. Try it out and see how your outgoing mailqueue gets so much smaller!)


accept  domains = +local_domains
        endpass
        message = unknown user
        verify = recipient
accept  domains = +relay_domains
accept  hosts = +relay_hosts
accept  condition = ${perl{checkrelayhost}{$sender_host_address}}

accept  hosts = +auth_relay_hosts
        endpass
        message = $sender_fullhost is currently not permitted to \
                  relay through this server. Perhaps you \
                  have not logged into the pop/imap server in the \
                  last 30 minutes or do not have SMTP Authentication turned on in your email client.
        authenticated = *
  #3 (permalink)  
Old 11-26-2003, 02:19 AM
Registered User
 
Join Date: Oct 2002
Posts: 744
jamesbond is on a distinguished road
Quote:
Originally posted by cyberspirit
Ok, so I did some testing and came up with a solution to this problem. I am just surprised this is not set as default in cpanel's exim configuration since it would cut down tremendously on unnecessary email traffic.
I haven't tried it yet, but if this simple solution works properly you should mention it to DarkOrb. They should configure Exim like this as default and make people happy.

I've always set all main accounts to :blackhole: to prevent the mailqueue from building up. Of course this is not the best solution (no fail message is returned).
  #4 (permalink)  
Old 11-26-2003, 02:41 AM
Banned
 
Join Date: Oct 2003
Posts: 143
markie
Quote:
Originally posted by cyberspirit
Ok, so I did some testing and came up with a solution to this problem. I am just surprised this is not set as default in cpanel's exim configuration since it would cut down tremendously on unnecessary email traffic.

Here is what I changed in the ACLs in the Exim Advanced configuration in WHM: (The thing I changed is the addition to the accept domains = +local_domains rule; I added endpass to pass it on to the next rule if it fails, and the refusal message "unknown user" and the verify = recipient line. The rest is the same as it is by default. Try it out and see how your outgoing mailqueue gets so much smaller!)


accept  domains = +local_domains
        endpass
        message = unknown user
        verify = recipient
accept  domains = +relay_domains
accept  hosts = +relay_hosts
accept  condition = ${perl{checkrelayhost}{$sender_host_address}}

accept  hosts = +auth_relay_hosts
        endpass
        message = $sender_fullhost is currently not permitted to \
                  relay through this server. Perhaps you \
                  have not logged into the pop/imap server in the \
                  last 30 minutes or do not have SMTP Authentication turned on in your email client.
        authenticated = *
This looks like something copied from http://forum.ev1servers.net/showthre...threadid=35346
  #5 (permalink)  
Old 11-26-2003, 07:24 PM
Banned
 
Join Date: Jun 2003
Posts: 293
cyberspirit is on a distinguished road
Markie,
I did not copy anything from the link provided but rather used the documentation and FAQs on the exim.org website.
But after looking at the link you provided I can see how they match to some degree which is an indication that it works.
For your info, the example config in your link looks pretty much identical to an example config on the exim.org site. ;-)
Anyway, we need to get darkorb to enter this as default to cut down on outqueue size and traffic that is not needed.
  #6 (permalink)  
Old 11-29-2003, 03:34 AM
Registered User
 
Join Date: Jun 2003
Posts: 74
LordJMann
Would this possibly fix this?

Exim: Mail delivery failure problems

I think it might be sending the emails but I get a failure copy? As the members seem to show up as validated...

Last edited by LordJMann; 11-29-2003 at 03:36 AM.
  #7 (permalink)  
Old 11-29-2003, 07:28 AM
Registered User
 
Join Date: Mar 2002
Location: Alberta, Canada
Posts: 1,508
Website Rob
Ok, giving:

accept  domains = +local_domains
        endpass
        message = unknown user
        verify = recipient

a try to see what happens.

In the meantime, I usually run with:

- Verify the existance of email senders
- Discard emails for users who have exceeded their quota instead of keeping them in the queue.

checked off. Any thoughts/results on what differences it makes, having them on or off?
__________________
Helping people Host, Create, and Maintain their Web Site
Also providing Server Admin Services - setup / troubleshooting

http://potentproducts.com/
  #8 (permalink)  
Old 11-29-2003, 08:45 PM
cPanel Staff
 
Join Date: Feb 2003
Location: Houston, TX
Posts: 4,348
cpanelnick is on a distinguished road
The above modification will break getting :fail: messages returned to sender in some cases. But it should cut down your mail queue a bit.


require verify = sender

accept  domains = +local_domains
---cut here---
        endpass
        message = The requested mailbox does not exist or is not accepting mail.
        verify = recipient
---cut here---
accept  domains = +relay_domains
accept  hosts = +relay_hosts



The above makes a little more sense as far as the message goes.
  #9 (permalink)  
Old 11-30-2003, 03:39 AM
Banned
 
Join Date: Jun 2003
Posts: 293
cyberspirit is on a distinguished road
Nick,
If the sending mailserver is configured right, the sender will get a rejection message from the sending smtp server. If not, then this is not really the receiver's problem since the receiver's address is wrong anyway.
I saw your proposed change but all you did offer was a different message that is passed on to the sending smtp server. The server itself does not really care about the message but only looks at the error code.
Since we implemented our proposed change our outgoing queue is about 30% of what it was before!
If you multiply that by the amount of resending attempts until the message expires you come up with a lot of wasted cpu time and traffic.
I still believe that sending a failure message is the wrong thing to do in this day and age since you might get an error message back since it was a spoofed email address anyway.
This setting should become default for cpanel!
  #10 (permalink)  
Old 12-01-2003, 12:28 AM
Registered User
 
Join Date: Mar 2002
Location: Alberta, Canada
Posts: 1,508
Website Rob
Quote:
Originally posted by Website Rob
Ok, giving:

accept  domains = +local_domains
        endpass
        message = unknown user
        verify = recipient

a try to see what happens.

In the meantime, I usually run with:

- Verify the existance of email senders
- Discard emails for users who have exceeded their quota instead of keeping them in the queue.

checked off. Any thoughts/results on what differences it makes, having them on or off?
Although no one responded to this part, "- Discard emails for users who have exceeded their quota instead of keeping them in the queue." I noticed eMail in Queue actually went up. Only by turning it off has the Queue gone down to what it was before.

I really don't see, the "endpass" code mentioned, doing anything?
__________________
Helping people Host, Create, and Maintain their Web Site
Also providing Server Admin Services - setup / troubleshooting

http://potentproducts.com/
  #11 (permalink)  
Old 12-01-2003, 01:24 AM
Banned
 
Join Date: Oct 2003
Posts: 143
markie
Quote:
Originally posted by bdraco
The above modification will break getting :fail: messages returned to sender in some cases. But it should cut down your mail queue a bit.


require verify = sender

accept  domains = +local_domains
---cut here---
        endpass
        message = The requested mailbox does not exist or is not accepting mail.
        verify = recipient
---cut here---
accept  domains = +relay_domains
accept  hosts = +relay_hosts



The above makes a little more sense as far as the message goes.
The whole point being, they don't want to return anything to the sender. Why would they? 99.99% of the time the return is a spammer and returning the msg would fail and pile up in the mail queue because the sender is a spammer. Why would you want to return msgs?
  #12 (permalink)  
Old 12-01-2003, 04:39 AM
Banned
 
Join Date: Jun 2003
Posts: 293
cyberspirit is on a distinguished road
Website Rob,
The endpass line just says that if the script fails it will go to the next router in the exim.conf file.
And Markie, you seem to be confused about the term message. We talk about smtp error codes here and the messages that are passed on to the sending smtp server before the data command is even issued. So there is no piling up in the mail queue because we actually prevent it with the change we are discussing here. You might want to read more about smtp error codes and messages and what happens at the different stages to help you understand the difference to a regular message or email.
  #13 (permalink)  
Old 12-01-2003, 01:28 PM
Registered User
 
Join Date: Nov 2003
Posts: 15
Huminie
Thank you for posting this! This is the exact behavior I am looking for. If the address in the rcpt to: line is not a valid email account on my server, I want the SMTP response to be a 500 series failure...not a 250 accept and a rejection later.

Problem is, I have added the lines above to the appropriate area of my Exim advanced config, however when I do a manual telnet test to my server it does not seem to be working for me.

Any suggestions on where I should look to get this working?

I am real new with cPanel/WHM so I could easily have missed something obvious.

TIA!
  #14 (permalink)  
Old 12-01-2003, 03:21 PM
GOT
Get Proactive!
 
Join Date: Apr 2003
Posts: 883
GOT is on a distinguished road
Being that I am pretty much an idiot where it comes to exim, what exactly do I need to put in the advanced configuration? It seems in both examples posted that some of the code is already there and some needs to be added?

Thanks in advance for clarification!
__________________
Proactive Server Monitoring and Management
http://got-management.com
  #15 (permalink)  
Old 12-01-2003, 05:45 PM
Banned
 
Join Date: Jun 2003
Posts: 293
cyberspirit is on a distinguished road
Ok, let me try to be a little clearer on the changes needed to accomplish this:

The original configuration of the ACLs in the exim.conf file in cpanel looks like this: (this is only a part of the ACLs and the rest should not be changed but left untouched)

accept  domains = +local_domains
accept  domains = +relay_domains
accept  hosts = +relay_hosts
accept  condition = ${perl{checkrelayhost}{$sender_host_address}}

accept  hosts = +auth_relay_hosts
        endpass
        message = $sender_fullhost is currently not permitted to \
                  relay through this server. Perhaps you \
                  have not logged into the pop/imap server in the \
                  last 30 minutes or do not have SMTP Authentication turned on in your email client.
        authenticated = *

These ACLs pretty much define the conditions under which email is accepted after the RCPT command and before the DATA command.
What I did then was to add conditions for the first ACL in this example (accept domains = +local_domains) which is responsible for accepting emails for local domains.
So I added the following lines after accept domains = +local_domains:
        endpass
        message = unknown user
        verify = recipient

These lines do the following. endpass in exim is used to end and pass on the script to the next ACL if the conditions are not met - in this case if the email is not for a local domain.
message is the message that is returned to the sending smtp server with the 550 error code. This message and the error code are then in most cases returned by the sending smtp server! to the sender of the email.
verify = recipient is the line that actually sets the condition for the message. This means if the recipient cannot be verified the message is sent in return to the RCPT command.

So after the change this part of the ACLs looks like this:

accept  domains = +local_domains
        endpass
        message = unknown user
        verify = recipient
accept  domains = +relay_domains
accept  hosts = +relay_hosts
accept  condition = ${perl{checkrelayhost}{$sender_host_address}}

accept  hosts = +auth_relay_hosts
        endpass
        message = $sender_fullhost is currently not permitted to \
                  relay through this server. Perhaps you \
                  have not logged into the pop/imap server in the \
                  last 30 minutes or do not have SMTP Authentication turned on in your email client.
        authenticated = *



All the other ACLs do not get changed because it only makes sense to verify recipients on a local system.

Does this help to understand the change and mechanism better?
Reply
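
Added example (not part of any post in this thread, and not cPanel's or Exim's own code): a small Python model of how Exim's documented accept/endpass semantics decide the RCPT TO reply for the two versions of the ACL shown in post #15. The domains, the mailbox list and the function names are constructed for illustration, only the recipient-dependent statements are modelled, and the final "550 denied" text is a placeholder.

```python
# Added illustration: models Exim's documented "accept ... endpass" semantics
# for the RCPT ACL. Domains and mailboxes are constructed sample data.
LOCAL_DOMAINS = {"example.com"}
RELAY_DOMAINS = {"relay.example.net"}
MAILBOXES = {"alice@example.com"}

def in_local_domains(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS

def in_relay_domains(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower() in RELAY_DOMAINS

def recipient_exists(rcpt):
    # Stand-in for "verify = recipient" (really done by running the routers).
    return rcpt.lower() in MAILBOXES

# One tuple per accept statement:
# (conditions before endpass, conditions after endpass, message)
ORIGINAL = [
    ([in_local_domains], [], None),
    ([in_relay_domains], [], None),
]
MODIFIED = [
    ([in_local_domains], [recipient_exists], "unknown user"),
    ([in_relay_domains], [], None),
]

def rcpt_reply(acl, rcpt):
    """Return the modelled SMTP reply to RCPT TO:<rcpt>."""
    for before, after, message in acl:
        if not all(cond(rcpt) for cond in before):
            continue  # failed before endpass: fall through to next statement
        if all(cond(rcpt) for cond in after):
            return "250 Accepted"
        return f"550 {message}"  # failed after endpass: the ACL denies at once
    return "550 denied"  # placeholder text: running off the end of an ACL denies

if __name__ == "__main__":
    for rcpt in ("alice@example.com", "nobody@example.com",
                 "bob@relay.example.net", "x@elsewhere.test"):
        print(f"{rcpt:24} original: {rcpt_reply(ORIGINAL, rcpt):14} "
              f"modified: {rcpt_reply(MODIFIED, rcpt)}")
```

With the original ACL, nobody@example.com gets a 250 at RCPT time and the :fail: default address has to produce a bounce afterwards; with the modified ACL the same recipient is refused with 550 before DATA.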

All times are GMT -5.