On Tue, 18 Jan 2005, Ryan Tracey wrote:
> Hi
> I have a somewhat strange problem with an ACL check. Exim issues 451/defers
> to servers whose IPs fail a reverse lookup with "SERVFAIL".
That's right. A temporary (one hopes) DNS error causes a defer.
> I have done a
> "host <ip>" on a number of different servers to exclude a local dns problem.
> An exim4 -bh <ip> shows that reverse dns lookup is the problem.
> The strangeness is that in different ACLs Exim seems to treat the SERVFAIL
> differently.
> In acl_check_mail the following does not result in a 451 with a SERVFAIL IP.
>
> warn message = X-Broken-Reverse-DNS: $sender_host_address
> !verify = reverse_host_lookup
> log_message = acl_mail: (warn-only) Cannot reverse DNS $sender_host_address
> delay = 5s
Deferring conditions are treated differently on "warn" verbs. The
condition is always treated as "false" (the incident is supposed to be
logged). The idea is that, as they are just "warnings", it is better to
try to get on with receiving the message.
> In acl_check_rcpt a check of a different sort (also warn only) that includes
> "!verify = reverse_host_lookup" results in a 451 for the same IP.
Hmm. That doesn't agree with what is supposed to happen. Have you got
debugging output that shows this?
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book