Exim: recipient verification with callout to LMTP server

Question

I want to make Exim perform recipient verification with a callout to the LMTP server during processing of the RCPT ACL.

I have the following router:

virtual_account:
    domains = +virtual_domains
    driver = accept
    transport = dovecot

and transport:

dovecot:
    driver = lmtp
    socket = /var/run/dovecot/lmtp

When ACL processing reaches the following statement:

warn
    domains = +virtual_domains
    verify = recipient/callout

the callout is not attempted:

$ exim -d -bhc 1.2.3.4
...
RCPT TO: test@example.com
>>> using ACL "acl_check_rcpt"
...
processing "warn"
check domains = +virtual_domains
cached yes match for +virtual_domains
cached lookup data = example.com
example.com in "+virtual_domains"? yes (matched "+virtual_domains" - cached)
check verify = recipient/callout
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Verifying test@example.com
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Considering test@example.com
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
routing test@example.com
...
--------> virtual_account router <--------
local_part=test domain=example.com
checking domains
cached yes match for +virtual_domains
cached lookup data = example.com
example.com in "+virtual_domains"? yes (matched "+virtual_domains" - cached)
R: virtual_account for test@example.com
calling virtual_account router
virtual_account router called for test@example.com
  domain = example.com
queued for dovecot transport: local_part = test
domain = example.com
  errors_to=NULL
  domain_data=example.com localpart_data=NULL
routed by virtual_account router
  envelope to: test@example.com
  transport: dovecot
Cannot do callout: neither router nor transport provided a host list
----------- end verify ------------
warn: condition test succeeded in ACL "acl_check_rcpt"

I guess the lmtp transport is unable to do callouts, but I'd appreciate a second opinion.

AnFi · Accepted Answer · 2019-07-29T22:36:30.130

3

AFAIR Exim can do recipient email verification via LMTP over internet socket (you use Unix socket).

Exim LMTP callouts for recipient existence verification - The document describes how to make Exim4 check in real time presence of Cyrus (IMAP) mailbox using exim's (LMTP) callouts.

The original version had been available at http://anfi.homeunix.org/exim/rtvcyrus.html.
The link above points to the archived version.

edited Jul 29 '19 at 22:36

answered Jul 30 '13 at 20:29

AnFi

5,883
1
12
26

That did the trick! The only disadvantage is that now my LMTP server is exposed to any process on the system. Fortunately iptables can help here: `iptables -A OUTPUT --out-interface lo --protocol tcp --dport 24 --match owner ! --uid-owner Debian-exim --jump REJECT --reject-with icmp-admin-prohibited` prevents ant other processes from interfering with the LMTP service on port 23. – Sam Morris Jul 31 '13 at 02:07
You may consider reporting it a the bug (no verification over Unix sockets). – AnFi Jul 31 '13 at 04:18
In fact I found this bug while searching: . Shame their `robots.txt` file prevents search engines from indexing the bugs. :( – Sam Morris Jul 31 '13 at 12:47
It is a pretty old wish (year 2004) :-) – AnFi Jul 31 '13 at 17:54

Exim: recipient verification with callout to LMTP server

1 Answers1