[exim] Temporary reject when random sender verification shou…

Top Page
Delete this message
Reply to this message
Author: Ian Zimmerman
Date:  
To: exim-users
Subject: [exim] Temporary reject when random sender verification should succeed
I just turned on callout sender verify with the random option.
Strangely, the first (and only the first) connect from many domains
after that is temporarily rejected, although the callout seems to
succeed with a 250 status code. The log lines look like this:

2018-05-29 12:25:26 acl_check_connect: connect from 23.253.242.70
2018-05-29 12:25:28 acl_check_connect: host geoip us
2018-05-29 12:25:34 acl_check_connect: 23.253.242.70 accepted
2018-05-29 12:25:34 acl_check_mail: mail from haskell-cafe-bounces@???
2018-05-29 12:25:40 [23.253.242.70] SSL verify error: depth=0 error=certificate has expired cert=/OU=Domain Control Validated/CN=*.haskell.org
2018-05-29 12:25:40 H=haskell.org [23.253.242.70]:51176 sender verify defer for <haskell-cafe-bounces@???>: Could not complete sender verify callout: mail.haskell.org [23.253.242.70] : response to "RCPT TO:<mymx.com-1527621934-testing@???>" was: 250 2.1.5 Ok
2018-05-29 12:25:40 H=haskell.org [23.253.242.70]:51176 F=<haskell-cafe-bounces@???> temporarily rejected RCPT <itz@???>: Could not complete sender verify callout
2018-05-29 12:25:40 SMTP connection from haskell.org [23.253.242.70]:51176 closed by QUIT

I obfuscated my mx hostname and my domain name, and only these two
items.

Why exim "Could not complete" the callout when it got a success code?
Again, this only happened for the first time for each domain after the
configuration change. Subsequent connections work normally and log
nothing about the callout.

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.