Re: [exim] 454 Error

Author: Viktor Dukhovni
Date:
To: exim-users
Subject: Re: [exim] 454 Error
On Wed, Jul 27, 2016 at 11:16:21PM +1000, Richard James Salts wrote:

> > When I send a probe to <postmaster@???>, I get:
> >
> >     Reporting-MTA: dns; mournblade.imrryr.org
> >     X-Postfix-Queue-ID: 23C8D284F25
> >     X-Postfix-Sender: rfc822; exim-users@???
> >     Arrival-Date: Wed, 27 Jul 2016 12:46:05 +0000 (UTC)

> >
> >     Final-Recipient: rfc822; postmaster@???
> >     Original-Recipient: rfc822;postmaster@???
> >     Action: deliverable
> >     Status: 2.1.5
> >     Remote-MTA: dns; mx.sendgrid.net
> >     Diagnostic-Code: smtp; 250 2.1.5 Ok

> >
> > So the issue sure looks like sendgrid is blocking the sending host,
> > envelope sender domain, or specific recipient address.
>
> This is because postfix and exim differ on where the mail should be sent.


Indeed. However, canonicalization of the recipient domain via
CNAME records was deprecated quite some time back in RFC 2821
(published in April 2001). If the OP's Exim is still doing that,
it is out-of-date, misconfigured or both[1].

Postfix changed its treatment of CNAME domains in December of 2002:

    20021207

        Performance: RFC 2821 blesses the use of CNAME domain names
        in MAIL FROM and RCPT TO.

At the time this was classified as a performance improvement, but
it is, by now if not then, a matter of correctness. Such rewriting
is no longer correct.

It is also odd that the domain name used was taken from the "middle"
of the CNAME chain:

    help.uber.com. 60 IN CNAME frontends.uber.com.
    frontends.uber.com. 60 IN CNAME frontends-sjc1.uber.com.


    454 4.7.1 <test123@???>: Relay access denied


If canonicalization were to be done, it should have been done
"right", resulting in "frontends-sjc1.uber.com" as the recipient
domain (which likely would still have been rejected).

-- 
    Viktor.


[1] https://tools.ietf.org/html/rfc2821#section-3.6

Only resolvable, fully-qualified, domain names (FQDNs) are permitted
when domain names are used in SMTP. In other words, names that can
be resolved to MX RRs or A RRs (as discussed in section 5) are
permitted, as are CNAME RRs whose targets can be resolved, in turn,
to MX or A RRs.
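
The distinction this message draws, following the CNAME chain to choose next hops while leaving the RCPT TO domain untouched, as an added example that is not part of the original post and is not Exim or Postfix code. The zone data, the placeholder names under `example.test`, the MX record and all function names are constructed for illustration.

```python
# Constructed zone data: same shape as the CNAME chain quoted in the message,
# with placeholder names; the MX record is an assumption.
ZONE = {
    ("help.example.test", "CNAME"): ["frontends.example.test"],
    ("frontends.example.test", "CNAME"): ["frontends-dc1.example.test"],
    ("frontends-dc1.example.test", "MX"): ["mx.provider.example"],
}

def cname_chain(domain, zone, limit=8):
    """Return [domain, alias, ..., canonical]; raise on a loop or an overlong chain."""
    chain = [domain.lower().rstrip(".")]
    while (chain[-1], "CNAME") in zone:
        target = zone[(chain[-1], "CNAME")][0].lower().rstrip(".")
        if target in chain or len(chain) > limit:
            raise ValueError("CNAME loop or chain too long: %r" % chain)
        chain.append(target)
    return chain

def route(rcpt, zone):
    """RFC 2821 behaviour: the chain selects next hops, the envelope is unchanged."""
    canonical = cname_chain(rcpt.rpartition("@")[2], zone)[-1]
    # No MX at the canonical name: fall back to the name itself (implicit MX).
    hosts = zone.get((canonical, "MX")) or [canonical]
    return {"rcpt_to": rcpt, "next_hops": hosts}

def rewritten_rcpt(rcpt, zone, hops=None):
    """RCPT TO a canonicalizing MTA would send after `hops` CNAME steps (None = all)."""
    local, _, domain = rcpt.rpartition("@")
    chain = cname_chain(domain, zone)
    name = chain[-1] if hops is None else chain[min(hops, len(chain) - 1)]
    return "%s@%s" % (local, name)

def envelope_was_rewritten(submitted_rcpt, logged_rcpt):
    """Log check: does the RCPT domain sent on the wire differ from the submitted one?"""
    dom = lambda addr: addr.rpartition("@")[2].lower().rstrip(".")
    return dom(submitted_rcpt) != dom(logged_rcpt)

if __name__ == "__main__":
    rcpt = "user@help.example.test"
    print(route(rcpt, ZONE))                 # envelope kept, next hop from chain
    print(rewritten_rcpt(rcpt, ZONE, 1))     # "middle" of the chain
    print(rewritten_rcpt(rcpt, ZONE))        # full canonicalization
    print(envelope_was_rewritten(rcpt, rewritten_rcpt(rcpt, ZONE, 1)))
```

Running `envelope_was_rewritten` over pairs of submitted and logged recipients is a quick way to spot an MTA that still rewrites alias domains before a remote server answers with a relay-denied response.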