I have host-centric blacklisting in my acl_check_rcpt which looks a bit
like this:
deny
message = sender IP address $sender_host_address is locally
blacklisted for this domain. If you think this is wrong, get in touch
with postmaster@$domain
!acl = acl_local_deny_exceptions
hosts = ${sg {${lookup sqlite{ /path/to/my/db.sqlite SELECT hostname
FROM blacklist WHERE domain = '$domain'; }}}{\n}{: }}
It's been working well for years, but recently a host foo.example.com on
my blacklist developed problems with its DNS servers resulting in a
SERVFAIL response to lookups for foo.example.com.
This in turn lead to all my incoming mail being deferred by exim -
extract from debug output:
>>> no IP address found for host foo.example.com (during SMTP connection
from (somewhere) [128.66.0.1])
>>> foo.example.com in dns_again_means_nonexist? no (option unset)
>>> host in "foo.example.com"? list match deferred for foo.example.com
>>> deny: condition test deferred in ACL "acl_check_rcpt"
451 Temporary local problem - please try later
LOG: H=(somewhere) [128.66.0.1] F=<foo@???> temporarily rejected
RCPT <bar@???>
Obviously, I don't want some spammer's inability to run a nameserver to
defer all my incomimg mail.
Digging into the manual, I see one possibility is to add foo.example.com
to the dns_again_means_nonexist list. This is domain-specific, though -
ideally, I'd like to be able to put something in the ACL to mean "DNS
lookup failures should be treated as a non-match for that entry in the
list". Is this possible?
Thanks,
David
--
David North |
www.dnorth.net
