Hi all, I’m having a bit of a hard time blocking/denying/dropping emails when my user doesn’t exist. Sometimes it works, others it does not:
2016-11-22 18:36:21 no IP address found for host 138-94-193-118.spoffeddomain.com (during SMTP connection from [138.94.193.118]) 2016-11-22 18:36:23 1c9EzW-0003G8-0k <= [email protected] H=(138-94-193-118.spoffeddomain.com) [138.94.193.118] P=esmtp S=7496 [email protected] 2016-11-22 18:36:23 1c9EzW-0003G8-0k ** [email protected]: Unrouteable address 2016-11-22 18:36:23 1c9EzX-0003GC-M4 <= <> R=1c9EzW-0003G8-0k U=Debian-exim P=local S=8326 2016-11-22 18:36:23 1c9EzW-0003G8-0k Completed 2016-11-22 18:36:26 1c9EzX-0003GC-M4 ** [email protected] <[email protected]> R=dnslookup T=remote_smtp X=TLS1.0:RSA_AES_128_CBC_SHA1:128 DN="OU=Domain Control Validated,OU=EssentialSSL Wildcard,CN=*.kinghost.net": SMTP error from remote mail server after RCPT TO:<[email protected]>: host mx-vip-01-farm64.kinghost.net [177.185.200.35]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in relay recipient table 2016-11-22 18:36:26 1c9EzX-0003GC-M4 Frozen (delivery error message) Sometimes I get this: 2016-11-22 18:37:20 no IP address found for host fm-dyn-118-137-20-217.spoffeddomain2.com (during SMTP connection from [118.137.20.217]) 2016-11-22 18:37:26 1c9F0T-0003H3-4D <= [email protected] H=(fm-dyn-118-137-20-217.spoffeddomain2.com) [118.137.20.217] P=esmtp S=7175 [email protected] 2016-11-22 18:37:26 1c9F0T-0003H3-4D ** [email protected]: Unrouteable address 2016-11-22 18:37:26 1c9F0Y-0003H8-FJ <= <> R=1c9F0T-0003H3-4D U=Debian-exim P=local S=7997 2016-11-22 18:37:26 1c9F0T-0003H3-4D Completed But later on in the logs I get: 2016-11-22 18:39:33 1c9F0Y-0003H8-FJ mx1.fast.net.id [202.73.97.28] Connection timed out 2016-11-22 18:39:33 1c9F0Y-0003H8-FJ == [email protected] <[email protected]> R=dnslookup T=remote_smtp defer (110): Connection timed out This one is the most interesting one: 2016-11-22 23:13:27 1c9JJe-0004uw-JC <= [email protected] H=37-17-254-232.customer.universal.se [37.17.254.232] P=smtp S=3465 id=7035836211513-bubrpovzeaeovbkmcu...@dns90.artisticskylight.com 2016-11-22 23:13:27 1c9JJe-0004uw-JC ** [email protected]: Unrouteable address 2016-11-22 23:13:27 1c9JJf-0004v0-SP <= <> R=1c9JJe-0004uw-JC U=Debian-exim P=local S=4288 2016-11-22 23:13:28 1c9JJe-0004uw-JC Completed 2016-11-22 23:13:29 1c9JJf-0004v0-SP ** [email protected] R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<[email protected]>: host mail.spoffeddomain3.com [72.32.90.11]: 550 5.1.1 <[email protected]>... User unknown 2016-11-22 23:13:29 1c9JJf-0004v0-SP Frozen (delivery error message) Is this supposed to be correct? If my server says that [email protected] is Unrouteable address then why would the server try to deliver the message 1c9JJe-0004uw-JC back to the user? Here is an output for checking deliverability: root@mail:~# exim -bt [email protected] R: system_aliases for [email protected] R: Check address using virtual_aliases for [email protected] R: local_user LDAP lookup for [email protected] [email protected] is undeliverable: Unrouteable address My users are in LDAP storage and I started doing LDAP verification of the addresses in the routers: local_user: debug_print = "R: local_user LDAP lookup for $local_part@$domain" driver = accept domains = +local_domains #LDAP auth check condition = CHECK_VIRTUAL_USER transport = dovecot_lmtp cannot_route_message = Unknown user virtual_aliases: driver = redirect debug_print = "R: Check address using virtual_aliases for $local_part@$domain" allow_fail allow_defer hide data = CHECK_VIRTUAL_ALIASES user = vmail group = mail I have ran exim -d -bhc 129.123.123.123 and this is the last part of the output: virtual_aliases router declined for [email protected] --------> local_user router <-------- local_part=asd domain=mydomain.com checking domains cached yes match for +local_domains cached lookup data = NULL mydomain.com in "+local_domains"? yes (matched "+local_domains" - cached) R: local_user LDAP lookup for [email protected] checking "condition" search_open: ldap "NULL" cached open search_find: file="NULL" key="user="cn=exim4,ou=dsa,dc=mydomain,dc=com" pass=LDAP_PASSWORD ldap:///dc=mydomain,dc=com?mail?sub?(&(objectClass=inetOrgPerson)([email protected]))" partial=-1 affix=NULL starflags=0 LRU list: :/etc/aliases End internal_search_find: file="NULL" type=ldap key="user="cn=exim4,ou=dsa,dc=mydomain,dc=com" pass=LDAP_PASSWORD ldap:///dc=mydomain,dc=com?mail?sub?(&(objectClass=inetOrgPerson)([email protected]))" database lookup required for user="cn=exim4,ou=dsa,dc=mydomain,dc=com" pass=LDAP_PASSWORD ldap:///dc=mydomain,dc=com?mail?sub?(&(objectClass=inetOrgPerson)([email protected])) LDAP parameters: user=cn=exim4,ou=dsa,dc=mydomain,dc=com pass=LDAP_PASSWORD size=0 time=0 connect=0 dereference=0 referrals=on perform_ldap_search: ldap URL = "ldap:///dc=mydomain,dc=com?mail?sub?(&(objectClass=inetOrgPerson)([email protected]))" server=127.0.0.1 port=389 sizelimit=0 timelimit=0 tcplimit=0 after ldap_url_parse: host=127.0.0.1 port=389 re-using cached connection to LDAP server 127.0.0.1:389 Start search search ended by ldap_result yielding 101 ldap_parse_result: 0 ldap_parse_result yielded 0: Success LDAP search: no results lookup failed local_user router skipped: condition failure --------> mail4root router <-------- local_part=asd domain=mydomain.com checking domains cached yes match for +local_domains cached lookup data = NULL mydomain.com in "+local_domains"? yes (matched "+local_domains" - cached) checking local_parts asd in "root"? no (end of list) mail4root router skipped: local_parts mismatch no more routers ----------- end verify ------------ require: condition test failed in ACL "acl_check_rcpt" SMTP>> 550 Unrouteable address 550 Unrouteable address LOG: MAIN REJECT H=(forged.domain.name) [129.123.123.123] F=<[email protected]> rejected RCPT [email protected]: Unrouteable address What the hell is going on? :D -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
