Exim - feladó ellenőrzése

Sziasztok!

Exim4-et használok Debian 6.0 alatt. WEB hosting szerverről van szó, van tehát sok domain, még több e-mail címmel.
Jelen esetben a probléma az, hogy buta egyszerű php programokkal lehet úgy levelet kiküldeni, hogy nincs ellenőrizve a feladó.
Jelen helyzetben tehát üresen hagyott feladóval, bármilyen "belehazudott" e-mail címmel kiküldi a levelet.
Nyilván a fogadó oldali SMTP szerverek beállításaitól függően vagy elfogadják a leveleket, vagy nem. Ez utóbbiak megfigyelésem szerint "frozen" állapottal a mail queue-ban maradnak, az exim pedig próbálkozik velük napokig.

Azt szeretném megoldani, hogy csak létező domain nevében, létező e-mail címmel lehessen levelet küldeni. Az Eximben nem vagyok nagyon jártas, ismerkedek vele.
Természetesen keresgéltem a neten, találtam ilyet headers_sender_verify = yes és ilyet headers_checks_fail = yes, de sehogysem fogadta el az Exim. Még az ACL-ek elé írtam be, a globális részbe.

Ilyen hibaüziket adott:

2011-08-24 10:00:53 Exim configuration error in line 63 of /var/lib/exim4/config.autogenerated.tmp:
main option "headers_sender_verify" unknown
2011-08-24 10:01:19 Exim configuration error in line 63 of /var/lib/exim4/config.autogenerated.tmp:
main option "headers_checks_fail" unknown

A konfig fájlom jelenleg ilyen:

-----------------------------------------------------------------------------------------------------------------------------------
smtp_banner = "${primary_hostname} ESMTP"
POSTGREY_SOCKET = /var/run/postgrey.socket
SPAMCBIN=/usr/bin/spamc
EXIMBIN=/usr/sbin/exim4
log_selector = \
+all_parents \
+lost_incoming_connection \
+received_sender \
+received_recipients \
+tls_cipher +tls_peerdn \
+smtp_confirmation \
+smtp_syntax_error \
+smtp_protocol_error

# CONFDIR=__ISP_CONFDIR__
# daemon_smtp_port = 25:465
# tls_certificate = CONFDIR/certificate.crt
# tls_privatekey = CONFDIR/certificate.key
# tls_on_connect_ports = 465

.ifdef MAILMAN_ENABLE
MAILMAN_HOME=__MAILMAN_HOME__
MAILMAN_WRAP=__MAILMAN_WRAP__
MAILMAN_USER=__MAILMAN_USER__
MAILMAN_GROUP=__MAILMAN_GROUP__
.endif

trusted_groups = mgrsecure
trusted_users = www-data

domainlist local_domains = lsearch;/etc/exim4/domains
domainlist dummy_domains =
hostlist relay_from_hosts = 127.0.0.1 : xxx.xxx.xxx.xxx

domainlist relay_to_domains = lsearch;/etc/exim4/domains
exim_user = Debian-exim
exim_group = Debian-exim

never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl
acl_check_rcpt:
accept hosts = net-lsearch;/etc/exim4/whitelist

deny hosts = net-lsearch;/etc/exim4/blacklist
message = $host_data

deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]

deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

accept local_parts = postmaster
verify = recipient
domains = +local_domains

require verify = sender

accept hosts = +relay_from_hosts
control = submission

accept authenticated = *
condition = ${if eq{${extract{5}{:}{${lookup{$authenticated_id}lsearch{/etc/exim4/passwd}}}}}{no} {yes}{no}}
condition = ${if eq{${extract{3}{:}{${lookup{${domain:$authenticated_id}}lsearch{/etc/exim4/domains}}}}}{no} {yes}{no}}
control = submission/domain=

deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text

dnslists = ${readfile {/etc/exim4/dnsblists}{:}}
require message = relay not permitted
domains = +local_domains : +relay_to_domains

require verify = recipient

.ifdef POSTGREY_SOCKET
defer log_message = greylisted host $sender_host_address
set acl_m0 = request=smtpd_access_policy\nprotocol_state=RCPT\nprotocol_name=${uc:$received_protocol}\nhelo_name=$sender_helo_name\nclient_address=$sender_host_address\nclient_name=$sender_host_name\nsender=$sender_address\nrecipient=$local_part@$domain\ninstance=$sender_host_address/$sender_address/$local_part@$domain\n\n
set acl_m0 = ${sg{${readsocket{POSTGREY_SOCKET}{$acl_m0}{5s}{}{action=DUNNO}}}{action=}{}}
message = ${sg{$acl_m0}{^\\w+\\s*}{}}
condition = ${if eq{${uc:${substr{0}{5}{$acl_m0}}}}{DEFER}{true}{false}}
.endif

accept

acl_check_data:
accept

begin routers
dnslookup:
driver = dnslookup
domains = !+dummy_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
self = pass
no_more

disabled_domains:
driver = redirect
condition = ${extract{3}{:}{${lookup{$domain}lsearch{/etc/exim4/domains}}}}
allow_fail = yes
data = :fail: Domain disabled
no_more

disabled_users:
driver = redirect
condition = ${extract{5}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/passwd}}}}
allow_fail = yes
data = :fail: User disabled
no_more

local_domains:
driver = redirect
data = ${quote_local_part:$local_part}@${extract{1}{:}{${lookup{$domain}lsearch{/etc/exim4/domains}}}}
cannot_route_message = Unknown user
no_more

.ifdef SA_ENABLE
spamcheck_router:
no_verify
condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}}} {1}{0}}"
driver = accept
transport = spamcheck
.endif

group_aliases:
driver = redirect
data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/aliases}}}}
condition = ${if and{\
{exists{/etc/exim4/aliases}}\
{eq {${extract{2}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/aliases}}}}} {group} }\
} {yes} {no} }
redirect_router = a_dnslookup
pipe_transport = address_pipe

aliases:
driver = redirect
data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/aliases}}}}
condition = ${if exists{/etc/exim4/aliases} {yes} {no} }
pipe_transport = address_pipe

local_users:
driver = redirect
condition = ${lookup {$local_part@$domain} lsearch {/etc/exim4/passwd} {yes} {no} }
data = $local_part@$domain
redirect_router = autoreplay

.ifdef MAILMAN_ENABLE
mailman:
driver = accept
require_files = MAILMAN_HOME/lists/$local_part/config.pck
local_part_suffix_optional
local_part_suffix = -bounces : -bounces+* : -confirm+* : -join : -leave : -owner : -request : -admin : -subscribe : -unsubscribe
transport = mailman

mailman_isp:
driver = accept
require_files = MAILMAN_HOME/lists/$local_part-$domain/config.pck
local_part_suffix_optional
local_part_suffix = -bounces : -bounces+* : -confirm+* : -join : -leave : -owner : -request : -admin : -subscribe : -unsubscribe
transport = mailman_isp
.endif

catchall_for_domains:
driver = redirect
headers_add = X-redirected: yes
data = ${extract{2}{:}{${lookup{$domain}lsearch{/etc/exim4/domains}}}}
file_transport = local_delivery

unknown_users:
driver = redirect
allow_fail = yes
data = :fail: Unknown user
no_more

autoreplay:
driver = accept
condition = ${if exists{${extract{4}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/passwd}}}}/message.txt} {yes} {no}}
retry_use_local_part
transport = address_reply
unseen

localuser:
driver = accept
transport = local_delivery

# Same routers without autoreplay

a_dnslookup:
driver = dnslookup
domains = !+dummy_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
self = pass
no_more

a_disabled_domains:
driver = redirect
condition = ${extract{3}{:}{${lookup{$domain}lsearch{/etc/exim4/domains}}}}
allow_fail = yes
data = :fail: Domain disabled
no_more

a_disabled_users:
driver = redirect
condition = ${extract{5}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/passwd}}}}
allow_fail = yes
data = :fail: User disabled
no_more

a_local_domains:
driver = redirect
data = ${quote_local_part:$local_part}@${extract{1}{:}{${lookup{$domain}lsearch{/etc/exim4/domains}}}}
cannot_route_message = Unknown user
redirect_router = a_dnslookup
no_more

a_aliases:
driver = redirect
data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/aliases}}}}
condition = ${if exists{/etc/exim4/aliases} {yes} {no} }
redirect_router = a_dnslookup
pipe_transport = address_pipe

a_local_users:
driver = accept
transport = local_delivery
condition = ${lookup {$local_part@$domain} lsearch {/etc/exim4/passwd} {yes} {no} }

.ifdef MAILMAN_ENABLE
a_mailman:
driver = accept
require_files = MAILMAN_HOME/lists/$local_part/config.pck
local_part_suffix_optional
local_part_suffix = -bounces : -bounces+* : -confirm+* : -join : -leave : -owner : -request : -admin : -subscribe : -unsubscribe
transport = mailman

a_mailman_isp:
driver = accept
require_files = MAILMAN_HOME/lists/$local_part-$domain/config.pck
local_part_suffix_optional
local_part_suffix = -bounces : -bounces+* : -confirm+* : -join : -leave : -owner : -request : -admin : -subscribe : -unsubscribe
transport = mailman_isp
.endif

a_catchall_for_domains:
driver = redirect
headers_add = X-redirected: yes
data = ${extract{2}{:}{${lookup{$domain}lsearch{/etc/exim4/domains}}}}
file_transport = local_delivery
redirect_router = a_dnslookup

begin transports
remote_smtp:
driver = smtp
hosts_avoid_tls = *

local_delivery:
driver = appendfile
directory = ${extract{4}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/passwd}}}}/.maildir
maildir_format
delivery_date_add
envelope_to_add
return_path_add
mode = 0660
quota = ${extract{3}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/passwd}}}}M
quota_warn_threshold = 75%
use_lockfile = no
no_mode_fail_narrower
user = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/passwd}}}}
group = ${extract{2}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/passwd}}}}

address_pipe:
driver = pipe
ignore_status
return_output
use_shell

address_reply:
driver = autoreply
headers = ${readfile{${extract{4}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/passwd}}}}/message.txt}}
to = $sender_address

.ifdef MAILMAN_ENABLE
mailman_isp:
driver = pipe
command = MAILMAN_WRAP '${if def:local_part_suffix {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} {post}}' $local_part-$domain
current_directory = MAILMAN_HOME
home_directory = MAILMAN_HOME
user = MAILMAN_USER
group = MAILMAN_GROUP

mailman:
driver = pipe
command = MAILMAN_WRAP '${if def:local_part_suffix {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} {post}}' $local_part
current_directory = MAILMAN_HOME
home_directory = MAILMAN_HOME
user = MAILMAN_USER
group = MAILMAN_GROUP
.endif

.ifdef SA_ENABLE
spamcheck:
debug_print = "T: spamassassin_pipe for $local_part@$domain"
driver = pipe
command = EXIMBIN -oMr spam-scanned -bS
use_bsmtp
transport_filter = SPAMCBIN
home_directory = "/tmp"
current_directory = "/tmp"
user = Debian-exim
group = Debian-exim
return_fail_output
message_prefix =
message_suffix =
.endif

begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite
.ifdef MAILMAN_ENABLE
\N^(.*<)?([^<]*)@([^>]*).*$\N "${if exists{MAILMAN_HOME/lists/${sg{$2}{-$3.*}{-$3}}/config.pck} {${sg{$0} {-$3} {}}} {$0} }" S
\N^(.*<)?([^<]*)@([^>]*).*$\N "${if exists{MAILMAN_HOME/lists/${sg{$2}{-$3.*}{-$3}}/config.pck} {${sg{$0} {-$3} {}}} {$0} }"
.endif

begin authenticators

cram:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${extract {6} {:} {${lookup{$1}lsearch{/etc/exim4/passwd}}}}
server_set_id = $1

plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = ${if and{{!eq{$3}{}} {eq {$3} {${extract {6} {:} {${lookup{$2}lsearch{/etc/exim4/passwd}}}}}}} {yes} {no} }
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if and{{!eq{$2}{}} {eq {$2} {${extract {6} {:} {${lookup{$1}lsearch{/etc/exim4/passwd}}}}}}} {yes} {no} }
server_set_id = $1

-----------------------------------------------------------------------------------------------------------------------------------
Hogyan és mit kellene beállítani ahhoz, hogy ellenőrizze le a feladó létezését, mielőtt kézbesíti a levelet?

Előre is köszi!