Auteur: listrcv Date: À: Magnus Holmgren CC: exim-users Sujet: Re: [exim] Am I an open relay or aren't I?
Magnus Holmgren wrote:
> require verify = recipient/callout=10s,defer_ok
>
> defer_ok ensures that mail will be accepted when the primary really *is* down.
The section in the docs on 'Callout verification' says:
"Note that for a sender address, the
callback is not to the client host that is trying to deliver the
message, but to one of the hosts that accepts incoming mail for the
sender's domain.
[...]
For a sender callout check, Exim makes SMTP connections to the
remote hosts, to test whether a bounce message could be delivered to
the sender address. The following SMTP commands are sent:
[...]
If the response to the RCPT command is a 2_xx_ code, the verification
succeeds. If it is 5_xx_, the verification fails. For any other
condition, Exim tries the next host, if any. If there is a problem with
all the remote hosts, the ACL yields "defer", unless the `defer_ok'
parameter of the `callout' option is given, in which case the condition
is forced to succeed."
Considering that, what's the actual benefit of using the defer_ok option?
If a SPAMer has set up MXs that point to non-accepting hosts, he will
get the SPAM through because you set defer_ok.