Hello everyone,

OK, so I designed myself this ACL for sender verify with exceptions
made for some broken domains that are held in
/etc/exim/wildcard_whitelist_domains file ( *.badly.broken.domain ):

begin acl

acl_nsvdom:
        accept condition = ${lookup {${lc:$sender_address_domain}} partial1-lsearch {/etc/exim/wildcard_whitelist_domains} {yes}{no}}
        require verify = sender/callout=120s,defer_ok
        control = no_callout_flush
        accept

[...]

  require verify = sender
  acl = acl_nsvdom


It worked dandy until some of my users tried getting mails with
activation links from one badly misconfigured domain:

playfoto.pl.            259200  IN      MX      10 87.98.232.90.

exim -bh 87.98.232.90 gives me this:

>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing [EMAIL PROTECTED]
>>> playfoto.pl in "lsearch;/etc/virtual/domains"? no (end of list)
>>> playfoto.pl in "! +local_domains"? yes (end of list)
>>> calling lookuphost router
>>> lookuphost router declined for [EMAIL PROTECTED]
>>> "more" is false: skipping remaining routers
>>> no more routers
>>> ----------- end verify ------------
>>> require: condition test failed
LOG: H=gnugeneration.net (o) [87.98.232.90] sender verify fail for <[EMAIL PROTECTED]>: all relevant MX records point to non-existent hosts or (invalidly) to IP addresses
550-Verification failed for <[EMAIL PROTECTED]>
550-It appears that the DNS operator for playfoto.pl
550-has installed an invalid MX record with an IP address
550-instead of a domain name on the right hand side.
550 Sender verify failed
LOG: H=gnugeneration.net (o) [87.98.232.90] F=<[EMAIL PROTECTED]> rejected RCPT [EMAIL PROTECTED]: Sender verify failed

Why would this condition fail??? After all, I clearly defined accept
condition:

accept condition = ${lookup {${lc:$sender_address_domain}} partial1-lsearch {/etc/exim/wildcard_whitelist_domains} {yes}{no}}

It is fulfilled, because the wildcard domain "*.playfoto.pl" is added
there (and I have tested it in case of domains that have good MX but
where sender verify fails for some other reasons, like greylisting).
Therefore, correctness of MX for the domain or lack thereof should play
no role in deciding whether to accept or reject the mail.

Does anybody have a clue why this require fails?

Thanks in advance,
Marcin Krol




-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
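
The key sequence that a partial1-lsearch lookup like the one in the post tries, following the partial matching rules in the Exim specification, as an added Python sketch (not part of the original post and not Exim code). The function names and the sample whitelist contents are constructed for illustration, and the lsearch parsing is simplified (no quoted keys).

```python
# Constructed sample contents for a whitelist file such as
# /etc/exim/wildcard_whitelist_domains (entries are illustrative).
SAMPLE_WHITELIST = """\
# domains exempt from sender verification
*.playfoto.pl
*.badly.broken.domain
"""


def partial_keys(domain, min_components=2):
    """Keys tried, in order, by partial<N>-lsearch per the Exim spec:
    the subject unmodified, "*." + subject, then "*." + the subject with
    leading components removed while >= min_components non-* ones remain."""
    if min_components < 1:
        raise ValueError("partial0 (bare '*' key) is not modelled here")
    domain = domain.lower()  # the ACL in the post applies ${lc:...}
    labels = domain.split(".")
    keys = [domain, "*." + domain]
    for start in range(1, len(labels)):
        rest = labels[start:]
        if len(rest) < min_components:
            break
        keys.append("*." + ".".join(rest))
    return keys


def lsearch_keys(text):
    """Lower-cased keys of lsearch-style data; skips blank lines, comments
    and continuation lines (those starting with white space)."""
    keys = set()
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        parts = line.replace(":", " ").split()  # key ends at ':' or space
        if parts:
            keys.add(parts[0].lower())
    return keys


def partial_lsearch(domain, text, min_components=2):
    """Return the first file key that matches, or None."""
    present = lsearch_keys(text)
    for key in partial_keys(domain, min_components):
        if key in present:
            return key
    return None


if __name__ == "__main__":
    for d in ("playfoto.pl", "mail.playfoto.pl", "example.pl"):
        print(d, partial_keys(d, 1), partial_lsearch(d, SAMPLE_WHITELIST, 1))
```

With a minimum of one component, the last key tried for playfoto.pl is "*.pl", so a single TLD-wide entry in the whitelist file would exempt every domain under that TLD from the check.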
