On 11/01/18 12:14, Merlin Hartley wrote: > We use a simple list system (that I wrote a few years ago) which pulls data out of our HR database and creates files containing e-mail addresses (router described below) - which has an option to restrict the senders for submission to the list.
> When a message is from an authorised sender it is delivered to the list - when the sender is not on the Allow list the message drops through to the next router and therefore ends up at the last router which has a ‘cannot_route_message’.
>
> So far this sounds fine, the problem occurs when an intermediate MTA (e.g. our edge servers which I don’t control) tries to deliver a message with an unauthorised sender - this failure is then cached and no more messages to that list are accepted (even with authorised senders).
>
> I expect I should be checking the senders in a different way and giving a different response code in cases where the sender is unauthorised - so that intermediate MTAs don’t cache the result for this recipient…
>
> Does anyone have any pointers for me?
I assume you're doing recipient verify, from the RCPT ACL - although the
router call is then checking the sender - so the intermediate MTA is
getting an SMTP-time rejection for the RCPT TO... which is your ML
submission address. As opposed to doing an accept-and-bounce.
Could you reject in the MAIL ACL instead?
--
Cheers,
Jeremy
