Author: Alan J. Flavell Date: To: Suresh Ramasubramanian CC: exim-users Subject: Re: [exim] timeouts
On Sat, 1 Jan 2005, Suresh Ramasubramanian wrote:
> (we've been known to temporarily turn off MAIL FROM:<> for
> particular domains when they're being heavily dictionary attacked)
If you 5xx it, then we'd 5xx the mail offer to us; if you 4xx, it then
we'd defer the offer.
The consequence of that in a proportion of cases (mostly spammers) is
that no further attempt will be made - just as with greylisting.
Which is a nice side-effect. Whereas in some other proportion of
cases, the offering MTA will keep retrying on their normal retry
schedule. Which in turn will produce a series of callouts...
> anyway - as long as it works for you, and as long as you do stuff to
> minimize the number of callouts, like you do -
>
> 1. apply lots of other filters first (helo filters, dnsbls etc)
Sure thing.
> 2. cache callout data
exim will cache the definite results (positive or negative) of a
callout response, and we're definitely making use of that (as
inspection of the log makes clear).
But AIUI it takes no particular cacheing action if the callout gets
4xx-ed. Which leads to the undesirable situation mentioned above.
At least that is how I understand what I'm seeing in the logs -
correct me if I'm missing a point.
It could well be useful to have a callout-cacheing mechanism which
remembers that a callout produced a 4xx response, and limits the
frequency with which callouts will be attempted on that address or
domain. Meantime, repeated offers "from" that address or domain would
just be 4xx-ed without attempting repeated callouts.