> On Sun, 10 Nov 2002, James P. Roberts wrote:
>
> > I don't know about Exim 3, but in Exim 4 you could use something like
> > this in an ACL:
> >
> > deny message = host in DNS blocking list or DNS data not available
> >      dnslists = +defer_unknown:relays.ordb.org:relays.osirusoft.com
>
> Which particular ACL were you doing this in?
RCPT
>
> > By the way, if any experts out there have opinions on why I might be
> > doing this wrong, or could be doing it better, please let me know so I
> > can fix it. I did have one person call to complain their email to me
> > bounced with that message, even though they are not in the RBLs,
>
> Nevertheless, you _were_ looking them up, so the lookup could have
> timed-out, irrespective of whether they were in fact listed or not.
Exactly. I suspect it is, because, shortly before this happened, I
think I remember clearing out my own DNS server cache, so it might have
been the first DNS lookup on that particular IP since clearing the
cache. (And the first time that happened since I added the
"defer_unknown" option.) No problems since.
>
> > implies a DNS timeout for that particular email, right?
>
> What this is doing is looking up the RBLs for the calling IP, not the
> "email", just to be sure we understand each other...
Correct. The user in question was sending email via a dial-up "email
appliance." I forget the exact ISP involved, but could look it up if
you need the info. One of the larger ones, I think.
>
> > My intent was not to bounce the mail, but to do a temporary reject,
>
> That is indeed what's supposed to happen, if you have +defer_unknown
> to the left of the relevant RBL.
>
> > to permit the sending MTA to retry,
>
> It ought to do that. However, some MTAs seem to react in unexpected
> ways to error codes, depending on which ACL phase you're sending them
> at. The most irritating for me are those which react to a DATA ACL
> 5xx as if it was a retryable error.
>
> It sounds as if you think you've found one (other than spamware, where
> this would be a commendable behaviour ;-) which treats a 4xx as fatal.
Well, I wouldn't be terribly surprised... Since it's a "dial-up email
appliance" arrangement, the ISP might not want to be bothered with
retries.
>
> > Any thoughts?
>
> You are doing what the documentation says you should do!
>
That is good to hear! Thanks.
Jim
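
A simplified model of the three outcomes discussed in this thread (listed, not listed, lookup failed), added here as an illustration; it is not part of the original messages and not Exim's own code. The function names and the stub resolver are hypothetical, the sample data is constructed, and no real DNS queries are made.

```python
# Added example: simplified model of how a colon-separated Exim 4 "dnslists"
# value resolves to match / no match / defer. All names are hypothetical.

class LookupFailed(Exception):
    """DNS timeout or other failure: no decisive answer either way."""

def query_name(ip, zone):
    # DNSBLs are queried with the IPv4 octets reversed:
    # 192.0.2.7 checked against example.zone -> 7.2.0.192.example.zone
    return ".".join(reversed(ip.split("."))) + "." + zone

def eval_dnslists(ip, dnslists, lookup):
    """Return 'match', 'nomatch' or 'defer'.

    lookup(name) returns True (record exists), False (no such record),
    or raises LookupFailed when the DNS gives no answer.
    """
    on_unknown = "exclude"  # default: a failed lookup counts as "not listed"
    for item in (i.strip() for i in dnslists.split(":")):
        if item in ("+include_unknown", "+exclude_unknown", "+defer_unknown"):
            on_unknown = item[1:].split("_")[0]  # applies to items that follow
            continue
        try:
            if lookup(query_name(ip, item)):
                return "match"
        except LookupFailed:
            if on_unknown == "defer":
                return "defer"
            if on_unknown == "include":
                return "match"
            # "exclude": treat as not listed and move on to the next list
    return "nomatch"

def deny_verb_response(result):
    # In a "deny" statement: match -> permanent reject, defer -> temporary
    # reject, no match -> the ACL carries on with its next statement.
    return {"match": "5xx", "defer": "4xx", "nomatch": "continue"}[result]

def make_resolver(listed=(), failing=()):
    # Constructed stand-in for DNS: 'listed' holds names that resolve,
    # 'failing' holds zones whose lookups time out.
    def lookup(name):
        if any(name.endswith(zone) for zone in failing):
            raise LookupFailed(name)
        return name in listed
    return lookup
```

With a resolver that times out on the first list, the same unlisted IP yields `defer` when `+defer_unknown` precedes that list and `nomatch` when it is absent or placed after it.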