Magnus Holmgren wrote: > require verify = recipient/callout=10s,defer_ok > > defer_ok ensures that mail will be accepted when the primary really *is* down.
The section in the docs on 'Callout verification' says: "Note that for a sender address, the callback is not to the client host that is trying to deliver the message, but to one of the hosts that accepts incoming mail for the sender's domain. [...] For a sender callout check, Exim makes SMTP connections to the remote hosts, to test whether a bounce message could be delivered to the sender address. The following SMTP commands are sent: [...] If the response to the RCPT command is a 2_xx_ code, the verification succeeds. If it is 5_xx_, the verification fails. For any other condition, Exim tries the next host, if any. If there is a problem with all the remote hosts, the ACL yields "defer", unless the `defer_ok' parameter of the `callout' option is given, in which case the condition is forced to succeed." Considering that, what's the actual benefit of using the defer_ok option? If a SPAMer has set up MXs that point to non-accepting hosts, he will get the SPAM through because you set defer_ok. GH -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
