[Exim] Sender responds to "try later" by delegating to secon…

Top Page
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: [Exim] Sender responds to "try later" by delegating to secondary MX
There's an irritating scenario which we encounter from time to time.

A sender (usually, but not always, a spammer) gets one of these kind
of responses from us (suitably anonymised):

2001-09-04 11:55:19 15eDrS-0006Nm-00 rejected from where.ev.er
(wotsit) [192.168.66.6]: temporarily unable to verify sender address
<spammer@???> (try later)

The sender then responds to this by sending the message to our
secondary MX instead - and that server then spends the next few days
hassling us in good faith to accept the message.

Obviously I wouldn't want to damage our ability to recover from
temporary network problems, which could cause similar symptoms; and
I'm not complaining about our secondary MX's general retry policy (Hi
Chris!) nor trying to make life more complicated for them. But when
the above scenario occurs, it's irritating to have our error log
splattered with these repeated "temporarily unable to verify sender
address (try again later)" reports, and when I spot them in progress,
it's become my habit to put the sender's address manually into our
file of "very bad senders":

sender_reject = /etc/exim/verybad_senders

so that the next time the secondary MX tries to deliver, the mail gets
hard-failed instead.

(Normally, we blacklist bad senders via a sender_reject_recipients
entry: but that doesn't achieve anything for the above scenario, since
the sender already gets soft-failed on the "temporarily unable to
verify" test, before the sender_reject_recipients list is consulted,
right? Hence the need to use sender_reject to make the hard failure
stick.)

Anyhow, I was wondering whether anyone has come up with a better
strategy for handling the above situation?

cheers