I'm trying to build up some ACLs to do recipient callout verification
for domains we route to.
Initially, I want to see if it's a domain with a catch-all; if it is,
we can remember that fact, and not need to redo the callout every time.
If that fails for whatever reason, I don't want a defer, or a deny, it
should just continue to the next ACL.
When I try the following, if the MX we're trying to route to is down,
I get a defer on the first ACL. If I allow 'defer_ok', then mail will
be accepted at this point, which I don't want either.
If I put an endpass in before the verify, it also defers.

    # identical to rule below, but uses random, this prevents doing callouts
    # time and time again for catchall domains
    # (note, passing/failing of this ACL is cached of course)
    accept domains = +routed_domains
           verify = recipient/callout=1m,maxwait=1m,connect=30s,use_sender,random

    # defer ok is required here, as recipient callout might be subjected
    # to greylisting
    accept domains = +routed_domains
           verify = recipient/callout=1m,maxwait=1m,connect=30s,use_sender,defer_ok

    # this might seem to contradict above rule, but.... this is for when
    # the host is down, and NOT just deferring us
    defer  domains = +routed_domains
           message = Recipient callout failed due to upstream issue. Please try later.
           !verify = recipient/callout=1m,maxwait=1m,connect=30s,use_sender

The only way I can think of doing it is to use a warn, rather than
accept, and then store the result of the callout in a variable - but
I'm pretty sure I must be doing something wrong.
Any suggestions?
Thanks,
Ian
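
The warn-plus-variable approach mentioned at the end of the post, written out as an added example that is not part of the original message. The variable name acl_m_callout is hypothetical, and named ACL variables assume Exim 4.64 or later; +routed_domains and the callout options are taken from the post.

```exim
# Added example, not from the original post. acl_m_callout is a hypothetical
# variable name; named ACL variables assume Exim 4.64 or later.

# acl_m_* values persist across RCPT commands, so reset per recipient.
warn    set acl_m_callout = unknown

# Same callout as the first "accept" in the post. If the verify defers
# (for example, the MX is down), Exim logs it, skips the rest of this
# statement, and carries on with the next one; "set" is never reached.
warn    domains = +routed_domains
        verify  = recipient/callout=1m,maxwait=1m,connect=30s,use_sender,random
        set acl_m_callout = ok

# Accept only when the callout above actually completed and succeeded.
accept  domains   = +routed_domains
        condition = ${if eq{$acl_m_callout}{ok}}

# The defer_ok "accept" and the final "defer" from the post follow unchanged.
```

A defer inside a warn statement is written to the log rather than returned to the SMTP client, so a down MX will still show up in the main log while processing falls through to the later statements.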