Re: [exim] A kinder, gentler dns_again_means_nonexistent?

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: David Bremner
CC: exim-users
Subject: Re: [exim] A kinder, gentler dns_again_means_nonexistent?
On Sat, 2007-10-27 at 17:58 +0200, David Bremner wrote:
> Well, OK, I take your point about the general rule. On the other hand,
> it won't inconvenience any actual users, since I am only rejecting
> mail without verifiable addresses.


Yeah, that's a good point.

>     DavidW> Instead, you should filter at the 'edge MTA' 
> [snip]
>     DavidW> If you can't control the 'edge MTA' even to that extent,
>     DavidW> then the best course of action would be to stop relying on
>     DavidW> it.

>
> OK, that would be in principle correct, but then I would not get any
> email :-). I don't have any control over the edge MTA; on the other
> hand it is where all my mail goes. Such is life in a big organization.
>
> Maybe given that the mail has already been stored on the other server,
> the right way to proceed is to just to tag incoming mail that fails
> sender verification with a header, and let the MDA black hole it.


Since as you rightly point out, you're unlikely to be able to notify the
sender that it didn't get there anyway, I suspect you may be right.

> This still leaves the question of how to detect senders that defer
> persistently; what I do with those messages is a somewhat orthogonal
> question. As it is, I can accept them the first time they defer, or
> do nothing and let them bounce (from the edge MTA) eventually.


Personally, I'd go for the latter. The edge MTA chose to accept them
despite the fact that they were so suspicious. Let them remain on the
queue there until they bounce.

--
dwmw2