Re: [exim] Per-ACL DNS lookup configuration?

Top Page

Reply to this message
Author: Chris Siebenmann
Date:  
To: David North
CC: exim-users, cks
Subject: Re: [exim] Per-ACL DNS lookup configuration?
> This in turn lead to all my incoming mail being deferred by exim -
> extract from debug output:
>
> >>> no IP address found for host foo.example.com (during SMTP connection
> from (somewhere) [128.66.0.1])
> >>> foo.example.com in dns_again_means_nonexist? no (option unset)
> >>> host in "foo.example.com"? list match deferred for foo.example.com
> >>> deny: condition test deferred in ACL "acl_check_rcpt"
> 451 Temporary local problem - please try later
> LOG: H=(somewhere) [128.66.0.1] F=<foo@???> temporarily rejected
> RCPT <bar@???>
>
> Obviously, I don't want some spammer's inability to run a nameserver to
> defer all my incomimg mail.


I think that what you want to do here is add +ignore_defer to the front
of the hosts list you're generating based on the DB query.

If you also use IP addresses or netblocks in the DB, you may want
+ignore_unknown here too. Otherwise an IP address without good reverse
DNS may cause some amount of your IP addresses (or netblocks) to not
match.

(This is covered in the documentation in chapter 10 section 16 and
section 14, but it's easy to miss; I did, years ago, with similar
effects to what you're seeing here.)

    - cks