Re: [Exim] checking rcpts on 2nd MX

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Peter Bowyer
Datum:  
To: Exim users
Betreff: Re: [Exim] checking rcpts on 2nd MX
Paul Makepeace <exim.org@???> wrote:
> Hi - I'm sure someone's thought of this already or has a better idea
> but here goes anyway...
>
> Ideally MXs are set-up identically as their primaries even to the
> point they know which accounts are valid so as to be able to 550
> senders before accepting anything.


Absolutely.

> Unfortunately that's not always
> possible and so a lot of spam can be accepted by 2-MXs which then is
> found upon delivery to the 1-MX not to have a live rcpt. Result: mess.


Indeed

> So - much like exim does sender callbacks, could it also do 1-MX call-
> forwards? Yes, of course, if a 2-MX is being contacted at all
> presumably the 1-MX is unavailable. But that's often not the case
> with spam - they will try all, often *preferentially* 2-MXs.


Yes - Exim can do that. This snippet in yout rcpt acl:

          verify        = recipient/callout=10s


This does a 'dummy' route of the message and will do a callout to the place
it would be delivering the message to - in this case, the primary (or at
least more preferable) MX. If the delivery would defer (eg if the primary is
unreachable), the callout will not complete in the timeout and the recipient
will be temp rejected. You can add ',defer_ok' to the 'callout' clause to
reverse this action and accept the recipient if the callout doesn't
complete. If the callout fails (ie the destination server positively rejects
the recipient), then that reject will be passed up the line.

Peter