[Exim] if exim users are going to use this damn stupid sende…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Exim Users Mailing List
Date:  
À: Exim Users Mailing List
Sujet: [Exim] if exim users are going to use this damn stupid sender verify feature....
If exim users are going to use this damn stupid instantaneous sender
verify callout function then they'd bloody well better make sure their
own mailers and DNS are in 101% tip-top _perfect_ shape first!

Sorry Richard, but your DNS/mailer gets to be the example:

04/16/2003 17:09:49: [9567] [m195u8f-000B3mC] Deferred TO:rwelty@??? ROUTER:bind_hosts TRANSPORT:inet_zone_bind_smtp ERROR:(ERR188) remote processing error reported by inet_zone_bind_smtp transport:
451 Could not complete sender verify callout

Of course it couldn't complete the sender verify callout! The
mailer/DNS at krusty-motorsports.com is broken!!!!

Not only is there no valid A RR for krusty1.krusty-motorsports.com (the
hostname given in the SMTP greeting _MUST_ be a valid principal
canonical hostname for the client host, not an alias!), there's also
only a half-functioning nameserver set for the domain:

# host -C krusty-motorsports.com
krusty-motorsports.com  NS      ns1.krusty-motorsports.com
ns1.krusty-motorsports.com      rwelty.krusty-motorsports.com   (2002060601 3600 900 604800 86400)
krusty-motorsports.com  NS      tigger.tmcom.com
Nameserver tigger.tmcom.com not responding
krusty-motorsports.com SOA record not found at tigger.tmcom.com, try again


# host -a -l krusty-motorsports.com
krusty-motorsports.com AXFR record not found at tigger.tmcom.com, server failure
krusty-motorsports.com has lame delegation to tigger.tmcom.com
krusty-motorsports.com AXFR record not found at ns1.krusty-motorsports.com, server failure
krusty-motorsports.com has lame delegation to ns1.krusty-motorsports.com
No nameservers for krusty-motorsports.com responded


I've never seen the successful side of this stupid sender verify callout
function in action, but _every_ single time I've seen it fail it's
because some soot-covered pot is trying to call some soot-covered kettle
bad names! People who can't fix their own side of the fence before
pointing their fingers at the other side should not be allowed to use
such dangerous tools.

This is one thing about Exim that I really do not like in the slightest.
Since it would be rather difficult for Exim to verify the sanity of its
own configuration against the DNS configuration for the domains it's
been configured to handle every time it starts up, it would seem more
prudent to me to just remove this stupid instantaneous sender verify
callout function.

People who think they know what they are doing could just as easily make
blacklists and whitelists of bad and good sender addresses instead of
trying to do instant dynamic tests every time some mailer sneezes in
their general direction.

In the meant time perhaps if at least this damn feature would
automatically disable itself when some non-RCPT related error occurs,
such as a 501 on the HELO.... Grrr....

--
                                Greg A. Woods


+1 416 218-0098;            <g.a.woods@???>;           <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>