Autor: Rafa Data: A: exim-users Assumpte: [exim] Dealing with "broken" mta
Hello, all
I've been using exim for several years now and I'm quite satisfied by
it, since it can pretty much handle any smtp related task I've had
need of.
Recently, tho, I was asked to provide secondary MX for another mail
server that runs Postfix. This server is completely out of my
control. My problem is, that server is configured to return "450" for
invalid mailboxes, causing exim to interpret it as a temporary error.
SMTP session goes something like this (domain names changed):
220 mail.abcd.com ESMTP Postfix
helo test
250 mail.abcd.com
mail from: test@???
250 Ok
rcpt to: ttee@???
450 <ttee@???>: User unknown in local recipient table
data
554 Error: no valid recipients
This causes exim to leave the message on queue and keep retrying until
retry timeout is reached and the message is bounced/discarded, and
after so many "450" exim stops trying to deliver and waits for the
next retry period. This causes legitimate mails to be left in the
queue forever (until they expire).
I've contemplated a couple of options here:
1. Tell the other admins to fix their server. I've already did that
and even sent them the appropiate link to the postfix documentation.
I'm still waiting for their answer.
2. Have them send me they user list and have exim check against it
before accepting a message. This is not a bad idea, but I'll either
have to give them a mechanism to update it, or have them send me the
new one every time they change something.
3. Write my own recipient verification program and call it from an ACL
using "run" or "readsocket". I think I'm going to do this anyway as
proof of concept, but with my limited programming experience, I'll
probably end up with a monstruosity that will consume pretty much all
the server resources :-)
4. Setup a special transport for them (and maybe other "broken" mta I
manage to run across. The problem (and the point of this mail): how
do I tell the smtp driver to adjust to this situation. Can I tell it
to interpret 450 as a deny and not as a defer? Recipient callouts use
this transport, so it has the same problem.
5. Stop providing secondary MX for them. This might be what's needed
to make them comply with point 1.
I'm already filtering against several dnsbl and I have an ACL based on
the excellent eximconf to drop connections from dynamic PTRs.
However, since some bozo spammer started using they domain as return
address, We've been dealing with bounces by the ton.
So... it's possible to do what I want with the regular smtp driver, or
should I look elsewhere?