I have exim 4 on my backup MX server. I'd like to configure it so that sender callout address verification is done, but only where the domain part of the sender address is listed in local_domains or relay_to_domains, i.e. the mail purports to be from a domain I manage.

I want to use this because my primary MX will reject messages which have a forged sender address at one of the local domains, which causes the secondary to send an unwanted bounce message. This also gets rejected by the primary, and the unwanted bounce sits in the mail queue on the secondary for eternity (or until it expires).

I already have recipient callout verification working.

+1  A: 

Put the following into the RCPT-TO ACL:

deny
    sender_domains = +local_domains : +relay_to_domains
    ! verify = sender/callout

In the long run, you'll probably want to find a way to synchronize the list of valid recipients to the secondary MX.

hillu
I needed to add a + before the relay_to_domains, but otherwise this works fine - thanks.
Ian Gregory
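
The stanza from the answer, placed in a complete RCPT ACL next to the recipient callout the question mentions, as an added example that is not part of the original answer or comments. The domain names, the ACL name acl_check_rcpt, the 30s timeout and the message texts are assumptions made for illustration.

```exim
# --- main configuration section ---
# Constructed example domains; substitute the real lists.
domainlist local_domains    = example.org
domainlist relay_to_domains = example.com : example.net

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Envelope sender claims one of our own domains: ask the host that
  # handles that domain whether the address exists. A refused address
  # is rejected here, at SMTP time, so the backup MX never queues the
  # message and never has to generate a bounce for it.
  # Conditions are tested in order, so the callout only runs when
  # sender_domains has matched.
  deny
    message        = Sender address could not be verified
    sender_domains = +local_domains : +relay_to_domains
    ! verify       = sender/callout=30s

  # If the callout cannot reach the target host (likely on a backup MX,
  # which sees most traffic while the primary is down), verification
  # defers and the client gets a temporary error and retries later.
  # The callout parameter defer_ok treats such temporary failures as
  # success instead:
  #     ! verify   = sender/callout=30s,defer_ok
  # The price is that forged senders are accepted during the outage.

  # Recipient callout for the domains this host relays to the primary.
  accept
    domains = +relay_to_domains
    verify  = recipient/callout=30s

  # Local recipients, verified without a callout.
  accept
    domains = +local_domains
    verify  = recipient

  deny
    message = relay not permitted
```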