On Sun, Feb 05, 2006 at 07:53:18PM +0000, Adam Funk said:
> On Sunday 05 February 2006 00:59, Stephen Gran wrote:
> > However, asking exim
> > to do this will violate so many normative standards of mail handling I
> > am just not sure it's a good idea. A 5xx is a permanent reject and
> > should be considered so - I know that at the larger sites I admin, when
> > I see a mail I have just 5xx'ed retried, I assume it is spam, and try
> > to come up with a rule that will catch it as well.
>
> The way I read that, you mean that if you reject a message I've tried to
> route directly, you assume it's spam when you see it later coming through
> a "smarthost". Is that right? Even though what you want is for us to
> route through the smarthosts?
I realize I was unclear. What I meant was, when I get the chance to
manually review the logs from exim, which isn't often enough, I look for
extra stuff to 5xx. If I see a pattern that looks like:

    H=host1 F=<somebody@???> rejected RCPT <somebody@???> (some reason)

followed shortly by

    <= somebody@??? H=host2
    => somebody@???

I look at it and say to myself, "that looks like spam. How can I stop
host2 from delivering that to us?"
> > I am sorry, but the
> > wish to work around a permanent failure just seems like a bad idea. It
> > is just so fundamental to the basic concepts of SMTP handling that I
> > can't imagine the good outweighing the bad.
>
> The problem that Daevid and I have had is that (1) our Exim bounces a
> message because you (for example) reject it because we're on a blacklist;
> (2) so we have to add that domain to the list of smarthosted destinations
> -- which is what you want us to do, right? -- then resend the message.
>
> The problem is that we discover (1) and carry out (2) at some indefinite
> later time. All we want is the ability to configure Exim to do for us
> automatically and promptly what we now have to do manually and later --
> that certainly sounds like a job for a computer program to me.
To be clear, I do not outright 5xx on any blacklist. I expect a
reasonably run mailserver to meet the following criteria:

  - the helo name matches the rdns
  - the helo name isn't fundamentally broken (isn't exchange_server.local, for instance)
  - forward and reverse dns match

And then a few other tests a reasonably configured MX should pass. If you
run a mailserver that can't match the 3 tests above, you probably are
not on a network that will be able to deliver mail reliably to anyone.
The issue of RBL's is really secondary, but I do use it as secondary
scoring criteria for acceptance tests.
I am not entirely happy about it, but the days of running mail servers
off of hobby lines being over is probably fast approaching. I am in the
same boat (although my rDNS and so forth match, so it will take a little
longer to sift me out with the rest of the trash). I am realistic,
though - the place to work around remote policies is not inside of exim.
--
--------------------------------------------------------------------------
| Stephen Gran | BOFH excuse #203: Write-only-memory |
| steve@??? | subsystem too slow for this machine. |
| http://www.lobefin.net/~steve | Contact your local dealer. |
--------------------------------------------------------------------------
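
The log-review pattern described in the message above (a RCPT rejection from one host, followed shortly by the same sender's mail arriving and being delivered via a different host), written as a small scanner. This is an added example, not part of the original message or of Exim; the timestamps, message ids, hosts, addresses and the 30-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the shape of an Exim main log (hosts and addresses are made up).
SAMPLE_LOG = """\
2006-02-05 19:40:01 H=host1.example [192.0.2.10] F=<alice@sender.example> rejected RCPT <bob@rcpt.example>: helo does not match rDNS
2006-02-05 19:42:30 1F5oXy-0001Ab-2C <= alice@sender.example H=host2.example [192.0.2.20] P=esmtp S=2048
2006-02-05 19:42:31 1F5oXy-0001Ab-2C => bob@rcpt.example R=local_user T=mail_spool
2006-02-05 19:50:00 1F5oZz-0001Ac-3D <= carol@other.example H=host3.example [192.0.2.30] P=esmtp S=1024
2006-02-05 19:50:01 1F5oZz-0001Ac-3D => bob@rcpt.example R=local_user T=mail_spool
2006-02-05 20:10:00 H=host4.example [192.0.2.40] F=<dave@late.example> rejected RCPT <bob@rcpt.example>: helo does not match rDNS
2006-02-05 23:30:00 1F5pAa-0001Ad-4E <= dave@late.example H=host5.example [192.0.2.50] P=esmtp S=512
2006-02-05 23:30:01 1F5pAa-0001Ad-4E => bob@rcpt.example R=local_user T=mail_spool
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
REJECT = re.compile(TS + r"H=(\S+).*? F=<([^>]*)> rejected RCPT <([^>]+)>")
ARRIVE = re.compile(TS + r"(\S+) <= (\S+) .*?H=(\S+)")
DELIVER = re.compile(TS + r"(\S+) => (\S+)")

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def find_retried_rejects(log_text, window=timedelta(minutes=30)):
    """Return deliveries whose sender/recipient pair was rejected shortly before via another host."""
    rejects = {}   # (sender, rcpt) -> (time, host) of the latest RCPT rejection
    arrivals = {}  # message id -> (sender, relaying host) taken from the "<=" line
    hits = []
    for line in log_text.splitlines():
        if m := REJECT.match(line):
            ts, host, sender, rcpt = m.groups()
            rejects[(sender.lower(), rcpt.lower())] = (parse_ts(ts), host)
        elif m := ARRIVE.match(line):
            _, msg_id, sender, host = m.groups()
            arrivals[msg_id] = (sender.lower(), host)
        elif m := DELIVER.match(line):
            ts, msg_id, rcpt = m.groups()
            sender, relay = arrivals.get(msg_id, (None, None))
            prior = rejects.get((sender, rcpt.lower()))
            # Flag only a different host delivering inside the window after the reject.
            if prior and prior[1] != relay and timedelta(0) <= parse_ts(ts) - prior[0] <= window:
                hits.append((msg_id, sender, rcpt.lower(), prior[1], relay))
    return hits

if __name__ == "__main__":
    for hit in find_retried_rejects(SAMPLE_LOG):
        print("rejected from %s, later delivered via %s: %s -> %s (%s)" % (hit[3], hit[4], hit[1], hit[2], hit[0]))
```

A hit is a prompt for manual review of the second host, as in the message, not a verdict on its own.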