Mailing List Archive

Sender Verify Exceptions (Exim v4)
Hello,

I'm trying to come up with the most straightforward method to prevent exim
from doing a sender verify on mail sent from internal hosts. I want to do
sender verify on all messages except those from internal hosts. I've pored
over the documentation, but I am having a little trouble narrowing down on
the exact solution.

I'm running Exim4, and my local_domains config is as follows:

domainlist local_domains = @ : *internal.mydomain.com : mydomain.com

Error from mainlog is:

2002-06-20 02:12:54 H=(host1.internal.mydomain.com) [192.168.12.230] sender
verify fail for <test@host1.internal.mydomain.com>: Unrouteable address
2002-06-20 02:12:54 H=(host1.internal.mydomain.com) [192.168.12.230]
F=<test@host1.internal.mydomain.com> rejected RCPT <user@mydomain.com>:
Sender verify failed

When I first encountered problems with internal hosts and sender verify
rejections, I added the asterisk (*internal.mydomain.com) to my local domains
definition, and testing showed the problem fixed. Now, however, I'm running
into the same problem again. Inexplicably, certain users can send fine from
the same machine, while other users get rejected as shown above.

I've found some discussion of this by searching the mailing list, but all of
the discussion seems to be pertaining to Exim version 3 or earlier.

If anyone can enlighten me, I would be very thankful!

Thanks,

David


****************************************************************************
IMPORTANT NOTICES:
****************************************************************************
This message is intended only for the addressee. Please notify the sender
by email if you are not the intended recipient. If you are not the
intended recipient, you may not copy, disclose, or distribute this
message or its content to any other person and any such actions may be
unlawful. Electronic mail sent through the Internet is not secure.
WR Hambrecht + Co (WRH+Co) does not accept time sensitive, action-oriented
messages or transaction orders, including orders to purchase or sell
securities, via email.

WRH+Co reserves the right to monitor and review the content of all messages
sent to or from this email address. Messages sent to or from this email
address may be stored on the WRH+Co email system.
****************************************************************************
Re: Sender Verify Exceptions (Exim v4)
On 20 June 2002, David Moon said:
> I'm trying to come up with the most straightforward method to prevent exim
> from doing a sender verify on mail sent from internal hosts. I want to do
> sender verify on all messages except those from internal hosts. I've pored
> over the documentation, but I am having a little trouble narrowing down on
> the exact solution.

You probably have a RCPT ACL with something like this:

require verify = sender

which means, "if Exim cannot verify the sender address, reject all
recipients".

You probably something like this:

deny hosts = !127.0.0.1 : !1.2.3.0/24
     !verify = sender

which means, "if the message originated somewhere other than 127.0.0.1
or 1.2.3.0/24, *and* Exim cannot verify the sender address, then reject
all recipients".

RTFM for more info -- the spec has a whole chapter on ACLs. Count on
re-reading it several times; it's tricky to understand at first, but
once you get the hang of it, ACLs are loads of fun.

Of course, you'll have to use your local netmask instead of 1.2.3.0/24.

Greg
--
Greg Ward - software developer gward@mems-exchange.org
MEMS Exchange http://www.mems-exchange.org
RE: Sender Verify Exceptions (Exim v4)
Greg,

You are correct on your first assumption. However, I do not have a deny
statement like the one you wrote.

Another thing that I tried was:

require verify = sender
        domains = !+local_domains

Thinking that the domains statement would except those senders listed in
local domains.

Alas, I have been RTFM-ing the ACL chapter several times over now and I'm
still having trouble grasping the syntax and order of the commands! I wish
there was a place that had lots of examples and descriptions.

Anyway, I will do more reading and trial-and-error.

Thanks,

- D


Re: Sender Verify Exceptions (Exim v4)
On 20 June 2002, I said:
> You probably something like this:

Oops: meant to say "You probably want something like this" concerning
this ACL snippet:

> deny hosts = !127.0.0.1 : !1.2.3.0/24
>      !verify = sender

Greg
RE: Sender Verify Exceptions (Exim v4)
"require" means everything listed must be true - if any are false,
the message is rejected. If all are true, continue to the next entry.

"deny" means if everything listed is true, then reject the message.
If any are false, continue to the next entry.

"accept" means if everything listed is true, stop and accept the
message. If any are false, continue to the next entry.

So, as Greg mentioned:

> require verify = sender
>
> which means, "if Exim cannot verify the sender address, reject all
> recipients".

> deny hosts = !127.0.0.1 : !1.2.3.0/24
>      !verify = sender
>
> which means, "if the message originated somewhere other than 127.0.0.1
> or 1.2.3.0/24, *and* Exim cannot verify the sender address, then reject
> all recipients".

Your (David) attempt:

> require verify = sender
>         domains = !+local_domains

Says that you want to reject any message that cannot verify the
sender, and also reject any message that is in the local_domains host
list.

Basically:

require - all items *must* be true, or the message is rejected
deny - if all items are true, the message is rejected
accept - if all items are true, the message is accepted

Enjoy,
Peter.

--
<http://www.interarchy.com/> <http://download.interarchy.com/>
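
A simplified Python model of the three ACL verbs discussed in this thread, added here as an example (it is not Exim's code and not from any of the posters). It runs the original `require`, David's attempt and Greg's `deny` against the logged host; the 192.168.12.0/24 range, the closing `accept` statement and all function names are assumptions made for the model.

```python
import ipaddress

def host_in_list(ip, items):
    """Exim-style list scan: the first matching item decides and '!' negates
    an item. Falling off the end is a match only if the last item was negated."""
    addr, negated = ipaddress.ip_address(ip), False
    for item in items:
        negated = item.startswith("!")
        if addr in ipaddress.ip_network(item.lstrip("!")):
            return not negated
    return negated

def run_acl(acl, ctx):
    """Statements run in order; a statement's conditions stop at the first false one."""
    for verb, conditions in acl:
        all_true = all(cond(ctx) for cond in conditions)
        if verb == "require" and not all_true:
            return "deny"
        if verb in ("deny", "accept") and all_true:
            return verb
    return "deny"  # reaching the end of an ACL is an implicit deny

# Assumed internal range (covers 192.168.12.230 from the log); not given in the thread.
NOT_INTERNAL = ["!127.0.0.1", "!192.168.12.0/24"]

def sender_ok(ctx):      return ctx["sender_verifies"]
def sender_bad(ctx):     return not ctx["sender_verifies"]
def from_outside(ctx):   return host_in_list(ctx["host"], NOT_INTERNAL)
def rcpt_local(ctx):     # simplified local_domains: '@' (primary hostname) left out
    d = ctx["rcpt"].rsplit("@", 1)[1]
    return d == "mydomain.com" or d.endswith("internal.mydomain.com")
def rcpt_not_local(ctx): return not rcpt_local(ctx)

ACCEPT_LOCAL = ("accept", [rcpt_local])  # assumed closing statement for the model
ACLS = {
    "original": [("require", [sender_ok]), ACCEPT_LOCAL],
    "david":    [("require", [sender_ok, rcpt_not_local]), ACCEPT_LOCAL],
    "greg":     [("deny", [from_outside, sender_bad]), ACCEPT_LOCAL],
}

def decide(name, host, sender_verifies, rcpt="user@mydomain.com"):
    ctx = {"host": host, "sender_verifies": sender_verifies, "rcpt": rcpt}
    return run_acl(ACLS[name], ctx)

if __name__ == "__main__":
    # Constructed cases: the logged internal host and a documentation-range outside host.
    for host, ok in [("192.168.12.230", False), ("192.168.12.230", True), ("203.0.113.9", False)]:
        print(host, ok, {n: decide(n, host, ok) for n in ACLS})
```

In this model David's variant denies mail to a local recipient even when the sender verifies, because every condition in a `require` must hold, while Greg's `deny` fires only when the host is outside the listed ranges and the sender fails to verify.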