Exim still accepting emails to nonexistent users

Heiko Schlittermann hs at schlittermann.de
Mon Nov 21 10:50:13 UTC 2016


Hi Marti,

(Please do not send CC to my private account)

Marti Markov <marti1234 at gmail.com> (Mo 21 Nov 2016 03:52:54 CET):
> 
> Here is the router:
> 
>     virtual_aliases:
…
>         hide data = CHECK_VIRTUAL_ALIASES

> local_user:
>   debug_print = "R: local_user for $local_part@$domain"
>   driver = accept
>   domains = +local_domains
> #Dovecot auth check
> #  check_local_user
>   local_parts = ! root
>   transport = dovecot_lmtp
> 
> And this is the transport:
> 
> dovecot_lmtp:
>    driver = lmtp
>    socket = /var/run/dovecot/lmtp
>    #return_path_add
>    #maximum number of deliveries per batch, default 1
>    batch_max = 200

Ok, the router cannot check the existence of the user. check_local_user
won't help you, as long as the $local_part is not a system user locally.

Basically you've got 2 possibilities:

    a) check in the routing stage by accessing the user database
       -> testable with: exim -bv user at exampl.com
    b) check in the transport stage by using a callout
       -> testable with: swaks … --pipe 'exim -bhc i.i.i.i'

a) Routing stage
You need to interact with the user database dovecot uses.
Either you access the user database directory (flat file, LDAP,
whatever) or you use the ${readsocket…} feature of Exim to talk to
dovecot.

b) Transport stage
You need to configure the dovecot LMTP to refuse messages to unknown
users. This you can test using swaks (it's capable of talking LMTP).
Once this LMTP works (refusing unknown users) you can use callouts for
verification during SMTP time. (exim -bv … will still tell you that the
message is *routable*, but exim -bh and the pipe mode of swaks may help
you.)



Ha ….
>   transport: dovecot_lmtp
> Cannot do callout: neither router nor transport provided a host list

This can be 'fixed' if you use (not tested)

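dovecot_lmtp:
    driver = smtp
    protocol = lmtp
    # host list of the smtp transport; a callout takes its target from here
    hosts = localhost
    port = 2525
    # the smtp transport defers deliveries to the local host unless this is set
    allow_localhost = true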

and have the dovecot LMTP run on a local TCP port

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
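
An added example, not part of the original message: a small probe that asks an LMTP listener at RCPT time whether it refuses unknown users, which is the precondition for option b) above. The listener address localhost:2525 is taken from the message; the function names and both mailbox addresses are assumptions made for this example.

```python
import smtplib
import sys


def rcpt_verdict(code):
    """Map an RCPT TO reply code to what a recipient callout would conclude."""
    if 200 <= code < 300:
        return "accepted"
    if 500 <= code < 600:
        return "rejected"
    return "deferred"  # 4xx or anything else: no decision can be made


def probe(host, port, recipients, sender=""):
    """Ask the LMTP listener about each recipient; no DATA is ever sent.

    Returns {recipient: (verdict, code, reply_text)}.
    """
    results = {}
    with smtplib.LMTP(host, port, timeout=10) as conn:
        code, reply = conn.ehlo()  # smtplib.LMTP sends LHLO here
        if code != 250:
            raise RuntimeError(f"LHLO refused: {code} {reply!r}")
        for rcpt in recipients:
            conn.mail(sender)  # empty sender "<>" so no bounce address is exposed
            code, reply = conn.rcpt(rcpt)
            results[rcpt] = (rcpt_verdict(code), code, reply.decode(errors="replace"))
            conn.rset()  # drop the transaction before the next probe
    return results


def callout_usable(host, port, known, bogus):
    """True only if the known user is accepted and the bogus one refused."""
    res = probe(host, port, [known, bogus])
    return res[known][0] == "accepted" and res[bogus][0] == "rejected"


if __name__ == "__main__":
    # localhost:2525 is the listener from the message; both addresses are
    # constructed placeholders, replace them with a real and a bogus mailbox.
    host, port = "localhost", 2525
    known, bogus = sys.argv[1:3] if len(sys.argv) > 2 else (
        "known@example.test", "no-such-user@example.test")
    for rcpt, (verdict, code, text) in probe(host, port, [known, bogus]).items():
        print(f"{rcpt}: {verdict} ({code} {text})")
```

If the bogus address comes back as "accepted", a callout against this listener will accept every recipient, and the LMTP side has to be fixed first.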