Re: [exim] 454 Error

Top Page
Delete this message
Reply to this message
Author: Richard James Salts
Date:  
To: exim-users
Subject: Re: [exim] 454 Error
On Wed, 27 Jul 2016 11:16:21 PM Richard James Salts wrote:
> On Wed, 27 Jul 2016 12:50:59 PM Viktor Dukhovni wrote:
> > On Tue, Jul 26, 2016 at 05:34:34PM -0700, Mike Kadin wrote:
> > > help.uber.com is a CNAME to frontends.uber.com which is a CNAME to
> > > frontends-sjc1.uber.com which has an MX record of mx.sendgrid.net.
> > > Sendgrid is our inbound SMTP provider:
> > > ...
> > > help.uber.com. 60 IN CNAME frontends.uber.com.
> > > frontends.uber.com. 60 IN CNAME frontends-sjc1.uber.com.
> > > frontends-sjc1.uber.com. 300 IN MX 0 mx.sendgrid.net.
> > > ```
> > > Delivery Host: mx.sendgrid.net
> > > Delivery IP: 167.89.125.4
> > > Size: 39.83 KB
> > > Result: 25: SMTP error from remote mail server after RCPT TO:<
> > > test123@???>: 454 4.7.1 <test123@???>:
> > > Relay
> > > access denied
> > > ```
> >
> > Note that the DSN code is "4.7.1", which is:
> >     https://tools.ietf.org/html/rfc3463

> >
> >       X.7.1   Delivery not authorized, message refused

> >
> >          The sender is not authorized to send to the destination.  This
> >          can be the result of per-host or per-recipient filtering.  This
> >          memo does not discuss the merits of any such filtering, but
> >          provides a mechanism to report such.  This is useful only as a
> >          permanent error.

> >
> > When I send a probe to <postmaster@???>, I get:
> >     Reporting-MTA: dns; mournblade.imrryr.org
> >     X-Postfix-Queue-ID: 23C8D284F25
> >     X-Postfix-Sender: rfc822; exim-users@???
> >     Arrival-Date: Wed, 27 Jul 2016 12:46:05 +0000 (UTC)

> >
> >     Final-Recipient: rfc822; postmaster@???
> >     Original-Recipient: rfc822;postmaster@???
> >     Action: deliverable
> >     Status: 2.1.5
> >     Remote-MTA: dns; mx.sendgrid.net
> >     Diagnostic-Code: smtp; 250 2.1.5 Ok

> >
> > So the issue sure looks like sendgrid is blocking the sending host,
> > envelope sender domain, or specific recipient address.
>
> This is because postfix and exim differ on where the mail should be sent.
> http://cr.yp.to/im/cname.html explains the problem: sendmail accepts a
> domain with a CNAME record. It replaces the domain with the CNAME value
> before using it in RCPT, unless it is acting as a dumb client. Similar
> comments apply to qmail and other mailers.


>From all the documentation I can see exim doesn't do this by default, maybe

this site has implemented it in their routers as a backwards compatibility
step with sendmail.