[exim] callout ACLs

Top Page
Delete this message
Reply to this message
Author: Ian P. Christian
Date:  
To: exim users
Subject: [exim] callout ACLs
I'm trying to build up some ACLs to do recipient callout verification
for domains we route to.

Initially, I want to see if it's a domain with a catch-all, if it is
we can remember that fact, and not need to redo the callout everytime.

If that fails for whatever reason, I don't want a defer, or a deny, it
should just continue to the next ACL.

When I try the following, if the MX we're trying to route to is down,
I get a defer on the first ACL. If I allow 'defer_ok', then mail will
be accepted at this point, which I don't want either.

If I put an endpass in before the verify, it also defers.

  # identical to rule below, but uses random, this prevents doing
callouts time and time again for
  # for catchall domains (note, passing/failing of this ACL is cached of course)
  accept  domains       = +routed_domains
          verify        =
recipient/callout=1m,maxwait=1m,connect=30s,use_sender,random


  # defer ok is required here, as recipient callout might be subjected
to greylisting
  accept  domains       = +routed_domains
          verify        =
recipient/callout=1m,maxwait=1m,connect=30s,use_sender,defer_ok


  # this might seem to contradict above rule, but.... this is for when
the host is down,
  # and NOT just defering us
  defer   domains       = +routed_domains
          message       = Recipient callout failed due to upstream
issue. Please try later.
          !verify       = recipient/callout=1m,maxwait=1m,connect=30s,use_sender



The only way I can think of doing it is to use a warn, rather than
accept, and then store the result of the callout in a variable - but
I'm pretty sure I must be doing something wrong.

Any suggestions?

Thanks,

Ian