[COLUG] Re: Exim4 Recipient Whitelisting (Dave Maxwell)

Drew saphetiger at post891.org
Tue Sep 25 10:56:05 EDT 2007


Message: 1
> Date: Sat, 22 Sep 2007 09:06:16 -0400
> From: Dave Maxwell <dmaxwell at columbus.rr.com>
> Subject: [COLUG] Exim4 Recipient Whitelisting
> To: Central OH Linux User Group <colug432 at colug.net>
> Message-ID: <200709220906.16566.dmaxwell at columbus.rr.com>
> Content-Type: text/plain;  charset="us-ascii"
>
> I have an Exim4 instance in front of an Exchange 2000 server acting as a 
> ClamAV/SpamAssassin filter.  Exchange 2000 does a very very braindead thing 
> with non-existent users.  It will quietly accept the mail then mail a bounce 
> to the From: an hour or two later. This makes deliberate use of blowback for 
> spam bouncing trivially easy. Doing a callout/verify on the Exim4 side 
> doesn't work as Exchange will vouch for any To: that has 
> @exchange_servers_domain.com.  Exchange 2000 simply doesn't have the ability 
> to terminate at SMTP receive time mails to non-existent recipients.
>   

> What I need to do is simply give Exim4 a list of valid recipients.  I could 
> then reject mails to non-existent recipients at SMTP connection time.  It is 
> a small business with low turnover and having a small text file on the Exim4 
> side of valid recipients is an entirely practical means to deal with this.
>   
First question, why not just use exim? It seems a little redundant to 
run both exim and Exchange. My company had a client that relied almost 
exclusively on email for his business. He had a similar solution as 
yours. His solution to a similar problem was to set up the exim server to 
actually have the email accounts. He then set up exchange to poll these 
accounts. His clients then logged into the server and pulled the 
messages. It still seems to me that the simplest way would be to just 
run exim.
> I've found many many howtos on Sender verification and almost everything I've 
> found on recipient verification assumes a callout to the smarthost works 
> correctly.
>
> The only other way I've found to do it is to make Exim4 query Active Directory 
> over LDAP to test recipient validity.  If I have no choice, I'll do it that 
> way but I'd prefer something less 'brittle'.
>
> Thanks
>
> Dave
>
>   
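
Added example, not part of either poster's message: the flat-file recipient check described in the quoted question, written as an Exim ACL fragment. It assumes the Exchange domain is listed in the `relay_to_domains` domainlist and the RCPT ACL is named `acl_check_rcpt` (both as in Exim's default configuration); the file path is hypothetical.

```exim
# Added example (assumptions: acl_check_rcpt is the RCPT ACL, the Exchange
# domain is in the relay_to_domains domainlist, and the hypothetical file
# /etc/exim4/valid_recipients holds one full address per line, e.g.
#   alice@exchange_servers_domain.com
#   bob@exchange_servers_domain.com
# Both addresses above are constructed placeholders.)

acl_check_rcpt:

  # ... existing statements (local submission, sender checks, etc.) ...

  # Refuse unknown recipients during the SMTP dialogue, so the sending
  # host gets a 5xx at RCPT time and Exchange never generates a bounce.
  # This must come before the statement that accepts mail for
  # +relay_to_domains, because ACL statements are evaluated in order.
  deny    message     = Unknown user
          domains     = +relay_to_domains
          !recipients = lsearch;/etc/exim4/valid_recipients

  # ... existing statement that accepts mail for +relay_to_domains ...
```

Exim reads the file on each lookup, so adding or removing an address takes effect without restarting the daemon.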

