Re: [Exim] Problems with relaying with DNS errors

Página Inicial
Delete this message
Reply to this message
Autor: Dave C.
Data:  
Para: Christopher Curtis
CC: Exim Users Mailing List
Assunto: Re: [Exim] Problems with relaying with DNS errors
On Mon, 4 Feb 2002, Christopher Curtis wrote:

> Hello,
>
> I'm having a problem: I'm using sender_*_callback functions and providing
> relaying for a domain whose ISP has been RBL'd. Now, this generally works
> fine, but this morning we had some DNS errors, and the callback features
> stopped working. As a result, the mail that was supposed to be relayed
> was being rejected instead. The significant lines are:


You are helping an ISP get to around an RBL??? Why on earth would you do
that? The RBL serves a purpose - they should correct whatever problem
they have that has them on the RBL instead of trying to get around it.

Doing this will likely get *your* servers on the same blacklist.

If the RBL listing is due to open relaying, you might wish to consider
using SMTP auth for the legitimate senders, instead of smtp callbacks.

> sender_verify_hosts_callback = !a.com : !b.com : ... : !relay.com
> sender_verify_callback_domains = !a.com : !b.com : ... : !relay.com


These are not relay checks, the are sender verification checks. The
allow you to try to check if the address given by a host on the MAIL
FROM line is accepted as valid by the mail server for that domain by
making an outbound SMTP session to that server.

> so the relaying host shouldn't even be subject to these checks, but they
> are, and they fail. This is an even bigger problem because many of these
> messages are automatically generated (password requests, receipts, etc)
> and cannot be easily resent.
>
> Is there a way to freeze these messages instead of rejecting them during
> these times of DNS woe?


Suggestion: Use numeric IP addresses in any exim config option with
"hosts" in it. This is a *big* win in terms of both reliability and
speed.