Re: [Exim] checking rcpts on 2nd MX

Top Page
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users
Subject: Re: [Exim] checking rcpts on 2nd MX
On Thu, 20 May 2004, Peter Bowyer wrote:

> Yes - Exim can do that. This snippet in yout rcpt acl:
>
>           verify        = recipient/callout=10s

>
> This does a 'dummy' route of the message and will do a callout to the place
> it would be delivering the message to - in this case, the primary (or at
> least more preferable) MX.


It doesn't help, in this form, since - as you say yourself - if the
primary is down or too busy to respond (which would be the bona fide
reason for trying the secondary) then it's going to defer.

> You can add ',defer_ok' to the 'callout' clause to reverse this
> action and accept the recipient if the callout doesn't complete.


Indeed.

But surely the purpose of the exercise is to defend against abusive
use of the secondary? Which means ideally we want a three-way switch:

1: primary says recipient is OK, then the secondary should tell the
sender to go and use the primary instead (i.e defer the sender), in
the hope that spammers won't bother

2: primary says recipient is bad - then 5xx, as you say below.

3: primary does not respond to callout - then the secondary has to
accept the mail "blind" (subject to its other anti-spam measures),
otherwise the secondary MX is of no benefit for bona fide mails.

> If the callout fails (ie the destination server positively rejects
> the recipient), then that reject will be passed up the line.


No disagreement there.

all the best