著者: Christopher Curtis 日付: To: Dave C. CC: Exim Users Mailing List 題目: Re: [Exim] Problems with relaying with DNS errors
On Mon, 4 Feb 2002, Dave C. wrote:
> On Mon, 4 Feb 2002, Christopher Curtis wrote:
>
> > Hello,
> >
> > I'm having a problem: I'm using sender_*_callback functions and providing
> > relaying for a domain whose ISP has been RBL'd. Now, this generally works
> > fine, but this morning we had some DNS errors, and the callback features
> > stopped working. As a result, the mail that was supposed to be relayed
> > was being rejected instead. The significant lines are:
>
> You are helping an ISP get to around an RBL??? Why on earth would you do
> that? The RBL serves a purpose - they should correct whatever problem
> they have that has them on the RBL instead of trying to get around it.
>
> Doing this will likely get *your* servers on the same blacklist.
This is not the situation. We have several facilities, including one
which we just opened. I've setup a box at this new facility expecting to
be able to send mail. However, this facility shares IP address space with
someone else who hosts a website that was advertised in spam sent from a
wholly different facility. As a result, all 32 Class Cs at this new
facility are on one or more facist RBL lists. Outblaze.com (a provider of
free email services services) is our biggest problem, but there have been
others as well. This is *my* mail, that I have to route around, because
of some overzealous RBLs.
> > sender_verify_hosts_callback = !a.com : !b.com : ... : !relay.com
> > sender_verify_callback_domains = !a.com : !b.com : ... : !relay.com
>
> > so the relaying host shouldn't even be subject to these checks, but they
> > are, and they fail. This is an even bigger problem because many of these
> > messages are automatically generated (password requests, receipts, etc)
> > and cannot be easily resent.
> >
> > Is there a way to freeze these messages instead of rejecting them during
> > these times of DNS woe?
>
> Suggestion: Use numeric IP addresses in any exim config option with
> "hosts" in it. This is a *big* win in terms of both reliability and
> speed.
I'll do that for the callback exclusions, but that doesn't solve my
problem. The callback depends on DNS for its routines, but if DNS is
down, it generates a hard error to the host expecting to use me as a
relay. That sucks because there are no users on this server - everything
is automatically generated, and isn't easily regenerated.