[exim-dev] [Bug 2147] Random callout check causes actual ACL…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 2147] New: Random callout check causes actual causes ACL to defer
Subject: [exim-dev] [Bug 2147] Random callout check causes actual ACL to defer
https://bugs.exim.org/show_bug.cgi?id=2147

David Woodhouse <dwmw2@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dwmw2@???


--- Comment #7 from David Woodhouse <dwmw2@???> ---
Is this the same bug?

Exim 4.87 would do this...

>>> check !verify = sender/callout=120s,random

...
>>> SMTP>> MAIL FROM:<>
>>> SMTP<< 250 2.1.0 Ok
>>> SMTP>> RCPT TO:<casper.infradead.org-1514997868-testing@???>
>>> SMTP<< 450 4.2.0 <>: Sender address rejected: Greylisted, see http://postgrey.schweikert.ch/help/example.com.html
>>> SMTP>> RSET
>>> SMTP<< 250 2.0.0 Ok
>>> SMTP>> MAIL FROM:<>
>>> SMTP<< 250 2.1.0 Ok
>>> SMTP>> RCPT TO:<example@???>
>>> SMTP<< 250 2.1.5 Ok
>>> SMTP>> QUIT
>>> wrote callout cache domain record:
>>> result=1 postmaster=0 random=0
>>> wrote positive callout cache address record

...
>>> end of ACL "check_recipient": ACCEPT

250 Accepted

After upgrading to 4.89 messages from this domain stopped being accepted,
because of postgrey's overzealous greylisting. Exim was tempfailing the
incoming message when the *random* callout was getting a tempfail:

>>> SMTP>> MAIL FROM:<>
>>> SMTP>> RCPT TO:<casper.infradead.org-1515000040-testing@???>
>>> cmd buf flush 84 bytes
>>> SMTP<< 250 2.1.0 Ok
>>> SMTP<< 450 4.2.0 <>: Sender address rejected: Greylisted, see http://postgrey.schweikert.ch/help/example.com.html
>>> SMTP>> QUIT
>>> cmd buf flush 6 bytes
>>> SMTP<< 221 2.0.0 Bye
>>> SMTP(close)>>
>>> wrote callout cache domain record for example.com:
>>> result=1 postmaster=0 random=0
>>> ----------- end verify ------------
>>> deny: condition test deferred in ACL "check_recipient"

LOG: +0000 H=(me) [10.0.0.1] sender verify defer for <example@???>:
Could not complete sender verify callout

Obviously, the random callout is supposed to just be an optimisation, to avoid
callouts for subsequent specific localparts. We should never defer the
acceptance of *this* localpart, just because the random callout got a 4xx
response.

--
You are receiving this mail because:
You are on the CC list for the bug.