Monthly Archives: January 2016

E-mail for the last three days – my part in its downfall

You know Tuesday afternoon is going well when your mother calls and asks why she hasn’t received any e-mail for the last three days. Come to think of it, I hadn’t had much e-mail lately either.

Five minutes later on the mailserver (IP addresses and domain names changed to protect the guilty)…

$ exim4 -bhc 128.66.0.1

RCPT TO bar@example.com
>>> check hosts = ${sg {${lookup sqlite{ /path/to/my/sqlite.database SELECT host FROM blacklist WHERE domain = '$domain'; }}}{\n}{: }}
...
>>> no IP address found for host foo.example.com (during SMTP connection from (somewhere) [128.66.0.1])
>>> foo.example.com in dns_again_means_nonexist? no (option unset)
>>> host in "foo.example.com"? list match deferred for foo.example.com
>>> deny: condition test deferred in ACL "acl_check_rcpt"
451 Temporary local problem - please try later
LOG: H=(somewhere) [128.66.0.1] F=<foo@example.com> temporarily rejected RCPT <bar@example.com>

$ host foo.example.com
Host foo.example.com not found: 2(SERVFAIL)

Yes,  if you have a host-based blacklist which contains names as well as IP addresses, Exim will defer messages if it gets a “temporary” DNS failure when looking up names on the list. So not only did the owner of foo.example.com screw me over by sending me spam, but their broken DNS deferred all of my incoming mail. Excellent. I’ll let you know if the internet comes up with a solution to this other than the per-domain one.