Author: W B Hacker Date: To: exim users Subject: Re: [exim] Ordering of random vs. real sender verification callout
David Woodhouse wrote: > I've just encountered a host which seems to temporarily firewall me for
> a minute or two after I give it a bogus RCPT TO:.
>
> So what happens is this:
>
> Exim connects and does a random callout, which is correctly rejected.
> On sending RSET, it just gets a TCP FIN back. Exim attempts to make
> another connection, and its SYN packets are just ignored.
>
> Five minutes later, the sender tries again. This time, the random
> callout result is cached, so Exim goes straight to verifying the _real_
> address. The verification passes, and the mail is accepted.
>
> Perhaps we should be doing our callouts in the opposite order -- the
> real address (which we expect to succeed) before the random address
> (which we expect to fail)?
>
> Yes, that means that in the case where the random address _does_
> succeed, we're pointlessly checking the real address too. But only once,
> and we're still doing it all in only a single connection.
>
Try it both ways against wbh@???, then again against wbh@???
I'll check the logs and let you know what we are seeing here.
Bill
NB: Not sure myself what will happen...
All the boxen I might easily test from have get-out-of-jail-free credentials.