
Mailing List Archive: exim: users

acl_check_rcpt problems (using catchall router)

 

 



mattxggroups at gmail

Feb 10, 2012, 12:43 PM


I'm using exim4 with a catchall router to forward mail to a java process.
The java process users are the valid recipients. I'm trying to reduce the
amount of spam routed to the java process by whitelisting the users in exim.

I have tried this in my config file

acl_check_rcpt:
  deny message = invalid recipient
       domains = thedomain.com
       recipients = !/etc/exim4/recipients_whitelist

Along with about a billion other things. I have verified that if I rewrite
the condition as just "deny" or "deny recipients = foobar [at] thedomain"
the message is rejected but I cannot get the whitelisting approach to work.
I have also tried inverting the logic to accept the whitelisted users but
that does not work either.

Here is my router

outer_catchall:
  driver = accept
  transport = dev_null_transport

I appreciate the help.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


exim-users at spodhuis

Feb 11, 2012, 3:13 AM


On 2012-02-10 at 15:43 -0500, Matt X wrote:
> I'm using exim4 with a catchall router to forward mail to a java process.
> The java process users are the valid recipients. I'm trying to reduce the
> amount of spam routed to the java process by whitelisting the users in exim.

I'll answer the question as asked, which is more complicated, then
answer a simpler question which is what I think you actually want.

Taken literally, and more complex:

Add no_verify to the Router which invokes the Java process. Let's
pretend that's called "foo_catchall".

Add a "foo_catchall_whitelist" Router. Give it the "verify_only"
option.

At this point, the first Router handles emails but not ACL verification,
but the second Router handles verification but will never take messages.
The two work in concert.

You can then make foo_catchall_whitelist use a local_parts pre-condition
to implement policy. If you need to match full addresses, you can use
$local_part@$domain as a lookup key in a condition option.


Taken less literally:

If you only want certain addresses to go to the Java process, ignore
no_verify/verify_only, and just put the condition/precondition directly
on the Router which invokes the message. Why declare it to be a
catchall, when it's not really a catchall? It's "the final Router,
which handles this list of users". I suspect you've gotten trapped into
a mindset of thinking of it as a catchall because that's what it's
called, when really you don't want it to be.

Separately:

JVM startup overhead is not lightweight and you lose all the advantages
of JIT when your processes are short-lived. You *really* want to
investigate turning the Java process into a daemon which accepts
messages via LMTP and then have Exim deliver to it over LMTP. LMTP
systems don't need to worry about spooling or the like, so Exim acts as
your spooling buffer in front, and you can give per-recipient delivery
results with LMTP.

Regards,
--
https://twitter.com/syscomet
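
The two-Router arrangement described in the reply above, sketched as Exim configuration. This is an added example, not configuration posted by either list member; it reuses the names foo_catchall, thedomain.com, dev_null_transport and /etc/exim4/recipients_whitelist from the thread and assumes the whitelist file holds one local part per line.

```exim
# --- ACL section: one statement inside the existing acl_check_rcpt ---
acl_check_rcpt:
  # Reject at RCPT time any address in our domain that no Router
  # verifies, i.e. anything not on the whitelist. Other statements
  # in this ACL (relay control and so on) stay as they are.
  deny    message = invalid recipient
          domains = thedomain.com
          !verify = recipient

# --- Routers section: order matters ---

# Consulted only during address verification ("verify = recipient").
# It never takes delivery of a message, so it needs no transport.
# An address not in the file is declined here, finds no other
# verifying Router, and therefore fails verification.
foo_catchall_whitelist:
  driver = accept
  domains = thedomain.com
  local_parts = lsearch;/etc/exim4/recipients_whitelist
  verify_only

# Consulted only for delivery; skipped during verification.
foo_catchall:
  driver = accept
  domains = thedomain.com
  no_verify
  transport = dev_null_transport

# Simpler form from the same reply: drop verify_only/no_verify and
# put the precondition on the delivering Router itself, so it stops
# being a catchall:
#
# foo_catchall:
#   driver = accept
#   domains = thedomain.com
#   local_parts = lsearch;/etc/exim4/recipients_whitelist
#   transport = dev_null_transport
```

Either form can be checked without sending mail by running `exim -bv` against one whitelisted and one unlisted address.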