(slightly edited mail to include the relevant references from previous messages) Date: Wed, 09 Oct 2002 18:42:07 +0200 From: Martijn Grendelman To: Mark Martinec Message-id: <053601c26fb2$ce9135c0$270a010a@ilsead.net> From: Martijn Grendelman > The problem occurs when I send a single message to different addresses that > are handled by the same server. For example, martijn@grendelman.net is my > own, valid address and gekkehenkie@grendelman.net is a non-existent address > in the same domain. > When amavis tries to deliver the message to the second instance of Exim > (at port 10025), the mail _as a whole_ gets rejected, because Exim will not > accept _one of the recipients_. Therefor, the firs Exim (at 25) rejects the > message for all recipients as well. Here are some logs to illustrate: From: Mark Martinec | ... There is the third option. I don't know how this is with Exim, | but in the Postfix setup this comes by default and is the reason | why there are not more complaints like yours: the first MTA instance | should be able to check the validity of recipient address. From: Martijn Grendelman > I _think_ there is a way to do this with Exim too, but it requires > a little more hacking in the config file. ... My idea is to duplicate > each router, add an incoming port condition and change it to send > the message to amavisd instead of the original destination if the > condition is met. ... This way, messages will be sent to amavisd > only after a router is matched, and this is what we want. Well, here it is... I decided to be verbose, I hope you don't mind. Feel free to use this in any README's as you see fit. It's not perfect yet, I will explain below. First let me tell you what I did. The filosophy is, that I only want those routers that perform an actual delivery to pass the message to amavisd. Routers that redirect (like system_aliases and userforward) will eventually route the message through a delivering router later, so scanning will take place when that happens. The only problem (the imperfection) is with pipes and appending to files, because in those cases, no other router will be used. This means if you use a pipe or try to append to a file from the aliases file or from a .forward file (i.e. procmail!), no scanning will take place. At this time, I don't have a solution for this yet, and by reading around the Exim docs a bit, I know there can't be an easy one. I think I should mention that I use Exim for "real" as well as virtual mailboxes, using a MySQL backend. The first router, at the top of the list is: amavis: driver = manualroute domains = ! +local_domains condition = "${if or {{eq {$interface_port}{10025}} \ {eq {$received_protocol}{spam-scanned}} \ }{0}{1}}" route_list = "* localhost byname" transport = amavis self = send This one takes care of all non-local domains, i.e. mail that is routed to a remote server later. Since Exim will always accept and queue messages with remote destinations, the problem of amavisd rejecting valid addresses does not occur. Note that "+local_domains" means the use of a variable of type "domainlist", defined earlier like this: LOCAL_DOMAINS = localhost : mydomain.com : myotherdomain.com VIRTUAL_DOMAINS = mysql;MYSQL_DOMAIN domainlist local_domains = LOCAL_DOMAINS : VIRTUAL_DOMAINS MYSQL_DOMAIN is, in its turn, a variable containing an SQL query for retrieving domain names from the database, but let's not go there ;) The second new router is inserted just before the "localuser" router, that matches for local (unix) mailboxes: localuser_amavis: driver = manualroute domains = LOCAL_DOMAINS condition = "${if or {{eq {$interface_port}{10025}} \ {eq {$received_protocol}{spam-scanned}} \ }{0}{1}}" route_list = "* localhost byname" check_local_user transport = amavis self = send This one matches only the real (non-virtual) local domains, and it checks the local part of the recipient with the "check_local_user" directive. The message only gets passed to amavisd, if the local user exists. The third (and last) new router, is the one that matches virtual local users. It is inserted just before the router that handles the actual delivery to those users (included here just to illustrate, since it's not standard Exim configuration; most people won't need this): virtual_localuser_amavis: driver = manualroute domains = ${lookup mysql {MYSQL_USER}{$value}} condition = "${if or {{eq {$interface_port}{10025}} \ {eq {$received_protocol}{spam-scanned}} \ }{0}{1}}" route_list = "* localhost byname" retry_use_local_part transport = amavis self = send virtual_local_user: driver = accept domains = ${lookup mysql {MYSQL_USER}{$value}} retry_use_local_part transport = virtual_delivery The only difference with the earlier routers is the way the local part gets checked. In this case, a MySQL query is used to determine the matching domains, and the actual query makes sure that no domains match if the local part is invalid. I hope this is helpful in some way. Best regards, Martijn. ------------- Date: Mon, 03 May 2004 14:26:25 +0100 From: Tony Middleton tony at middleton dot name Subject: Use of Amavis with EXIM 4. I have been reading the 2 appandices to the README for EXIM 4 related to problems validating addresses. I may be missing the point entirely but I would have thought a simpler solution would have been to put the amavis router at the top with a "no_verify" parameter. This is what I currently do with amavis-ng and it seems to work OK. Please feel free to ignore this message if I am talking rubbish. Regards Tony Middleton.