Am 12.08.25 um 15:45 schrieb Jeremy Harris via Exim-users:
On 2025/08/12 2:25 PM, Frank Richter via Exim-users wrote:
But if recipient’s domain doesn’t exist, exim gives a temp error:
451 Temporary local problem
What did DNS actually return for that domain? Use debug.
$ exim -d+all -v -bv [email protected]
…
16:04:11 2570720 --------> checkonly router <--------
16:04:11 2570720 local_part=test domain=gmial.com
16:04:11 2570720 checking domains
16:04:11 2570720 cached no match for +local_domains
16:04:11 2570720 cached lookup data = NULL
16:04:11 2570720 gmial.com in "!+local_domains"? yes (end of list)
16:04:11 2570720 calling checkonly router
16:04:11 2570720 checkonly router called for [email protected]
16:04:11 2570720 domain = gmial.com
16:04:11 2570720 gmial.com in "*"? yes (matched "*")
16:04:11 2570720 DNS lookup of gmial.com (MX) gave TRY_AGAIN
16:04:11 2570720 gmial.com in dns_again_means_nonexist? no (option unset)
16:04:11 2570720 returning DNS_AGAIN
16:04:11 2570720 writing neg-cache entry for gmial.com-MX-8000c3, ttl -1
16:04:11 2570720 checkonly router: defer for [email protected]
16:04:11 2570720 message: host lookup did not complete
[email protected] cannot be resolved at this time: host lookup did not complete
% dig gmial.com
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> gmial.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30623
…
Ah, SERVFAIL.
Would dns_again_means_nonexist or help?
Yes:
16:21:54 2573003 DNS lookup of gmial.com (MX) gave TRY_AGAIN
16:21:54 2573003 gmial.com in dns_again_means_nonexist? yes (matched "*")
16:21:54 2573003 gmial.com is in dns_again_means_nonexist: returning DNS_NOMATCH
…
16:21:54 2573003 checkonly router declined for [email protected]
…
[email protected] failed to verify: Unrouteable address
Or better mx_fail_domains in dnslookup route? No, this doesn’t.
I realise this doesn't answer your question, but I fear that
the "fix" you are thinking of would introduce a problem in
the other direction.
What you're asking for is probably possible, but would require
some rather low-level detail work in your config, essentially
replacing what that "checkonly" router does. Start with looking
into the "dnslookup" lookup type, think about replacing your
existing "verify=recipient", and worry about all the possible return
value that this lookup might give.
Sounds complicated …
I’d like to deny an email instead of sending it to the smarthost, which
generates a DSN failure.
Thanks
Frank
--
Frank Richter, Chemnitz University of Technology, Germany
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
