Как исправить ошибки smtp-сервера при отправке писем

How to do enable SMTP authentication in different mail programs

1. How to fix the error ‘550 Relay Not Permitted’ in Thunderbird

The steps to configure authentication in Thunderbird is pretty easy:

  1. In Thunderbird, under ‘Tools‘ select ‘Account Settings‘.
  2. Select ‘Outgoing Server (SMTP)‘ and click ‘Edit‘.
  3. Enable the ‘Use name and password‘ option.
  4. Enter the username and password and click OK.

2. How to fix the error ‘550 Relay Not Permitted’ in Microsoft Office Outlook

To enable SMTP authentication in Microsoft Office Outlook, the steps are:

    1. Select the Tools -> Account Settings option.
    2. On the Email tab, click New.
    3. In the Add New Account dialog box, enter the Name, email address and password.
    4. Check the option ‘Require logon using SPA’.
  1. Microsoft Outlook configuration

5. In the ‘More Settings’ tab, set the Outgoing server and enable the option ‘My Outgoing server (SMTP) requires authentication’. Click OK.

Microsoft Outlook – Enable authentication

3. How to fix the error ‘550 Relay Not Permitted’ in Outlook Express

To enable SMTP authentication in Outlook Express, here are the steps:

  1. In the “Tools” menu, select “Accounts…“
  2. Edit the “Properties” of your email account.
  3. Click the “Servers” tab.
  4. Check the “My Server Requires Authentication” check box and the adjacent “settings” button.
  5. Make sure that the “Use same settings as my Incoming Mail Server” radio button is selected.
  6. Click “OK” and close.

Письма отклоняются как спам

В этом случае в логе будут встречаться ошибки вида:

550 spam reject;  
554 5.7.1 Message rejected under suspicion of SPAM

Сообщение означает, что принимающий сервер отклонил письмо, заподозрив, что это спам.

Пример подобного лога:

Jun 25 01:24:53 vh256 splogger: 1joDp7-0002mn-2s X-PHP-Originating-Script: "2157:class-phpmailer.php"

Jun 25 01:24:53 vh256 splogger: 1joDp7-0002mn-2s <[email protected] U=user P=local S=4666 [email protected]

Jun 25 01:24:53 vh256 splogger: 1joDp7-0002mn-2s **[email protected] R=dnslookup T=remote_smtp H=mxs.mail.ru  X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=yes: SMTP error from remote mail server after end of data: 550 spam message rejected. Please visit http://help.mail.ru/notspam-support/id?c=2VFQCmsIj_XndmnnBFTa1ne5-RHRbW_DSzxt0X6mKocNAAAAov4AACD1dCY~ or  report details to [email protected]. Error code: 0A5051D9F58F086BE76976E7D6DA540411F9B977C36F6DD1D16D3C4B872AA67E. ID: 0000000D0000FEA22674F52

Для решения вопроса вам необходимо связаться с технической поддержкой сервера получателя. Способ связи с ними, как правило, указан в самом логе.

Please visit http://help.mail.ru/notspam-support/id?c=2VFQCmsIj_XndmnnBFTa1ne5-RHRbW_DSzxt0X6mKocNAAAAov4AACD1dCY~ or  report details to [email protected]. Error code: 0A5051D9F58F086BE76976E7D6DA540411F9B977C36F6DD1D16D3C4B872AA67E. ID: 0000000D0000FEA22674F52

1.10. Recommendable and not-so-recommendable third-party documentation

1.10.1. I have configured exim with help of a non-Debian HOWTO. It doesn’t work.

Unfortunately, a lot of third-party documentation has been written by people who do not fully understand how things work. They might have been successful in solving the issue at their hands, but challenges are so different that it is extremely improbable that the solution will hold in other situations.

It is thus advisable to take third-party HOWTOs with extreme caution and use them only as input for a local solution. Taking a third-party configuration snippet verbatim is like asking for extreme trouble.

In this FAQ entry, we’ll link to third-party HOWTO documents and comment about what we think about their contents.

  • SMTP Relaying Via a Smarthost. This document shows basic understanding of the concepts in an abstract way, but gives questionable advice in detail.

    • The document gives a truckload of Debian-specific advice and does not say that it is Debian-specific. This suggests that the author does not have too much E-Mail admin experience, and nearly none outside a Debian environment.
    • Why does the document recommend changing our local configuration to use a hardcoded user name instead of the file lookup that we provide?
    • Why does the document recommend having Exim listen on Port 26 instead of using the standardized submission port 587?
    • The author has never heard of swaks and advocates manual debugging
    • The author rants about Debian’s exim4 configuration scheme and calls it «confusing». In the same paragraph, he says that he didn’t find out how to use a single, hand-crafted exim4.conf file. Considered that it is prominently documented in the README that /etc/exim4/exim4.conf takes absolute preference over all other configurations, it looks to me that the author of this HOWTO did not bother to read our documentation.
  • Installing and configuring Exim 4 on Debian. This document gives advice how to configure spamassassin, clamav and some implementation of «virtual domains». Please note that «virtual» is a very overused term and you might think of «virtual domains» as something different than the document’s author might think. Additionally, the documentation uses exim’s built-in content scanning interface to link to clamav, but uses sa-exim for spamassassin integration. This is double work since exim’s built-in content scanning can link to spamassassin as well.

  • Gemischtes Doppel. This Document in German language isn’t so bad, but it switches off all Debian automatisms and leaves the user out in the dark without updates.

  • debian:exim4 is a HOWTO about how to use exim4 with dbmail. I have to advise against using this howto for the following reasons:

    • The author himself claims to be not an expert on spamassassin, pam, clamav or exim4. Yet, he publishes his (wrong and misleading) findings.
    • He neither did manage to get saslauthd to work, nor mySQL. Both things are trivial to do if one has familiarized oneself with exim as it is necessary to run a mail server on the Internet.
    • It advises to use sa-exim «For Spamassassin auto-blocking». I don’t know what auto-blocking is, but exim can use spamassassin at SMTP time natively and can also block depending on the spamassassin results. I have not yet seen a setup where sa-exim was actually needed.
    • At least the HOWTO uses our configuration and allows people to receive updates in the future.
  • Mailserver configuration with Debian, Exim, ClamAV & dspam is a document worth reading. It was written by somebody with understanding of the way the Debian packages of Exim4 work, and the document shows how to enable the suggested features while still making use of our Defaults. That’s the way a HOWTO should be.

  • Gmail and Exim4 in this very wiki used to contain outdated information. No, the author of _this_ FAQ does not have the time to improve the Gmail HOWTO document, sorry. Read them only as secondary information.

  • Installation von Exim 4 — Update von exim 3 is one of the worst HOWTOs I have ever read. Advises to do everything that is a bad idea, starting from using update4r4 to using spamassassin with the outdated router/transport algorithm to replacing our configuration with the generated converted one. Thankfully, it’s in German and has somewhat limited audience. Do not use.

Back to PkgExim4

When do you see the error ‘mailing to remote domains not supported’ in Exim4 servers?

Suppose you are trying to send mails from your server to addresses outside your server, such as gmail. For a mail delivery to work fine, there has to be a working MTA.

MTA (Mail Transfer Agent) is a service that delivers mails from one server to another. Exim4 is a popular MTA that comes by default in Debian servers.

This configuration is specified in the Exim configuration file ‘/etc/exim.conf’.

#ifdef DCconfig_local
# configtype=local
#
# Stand-alone system, so generate an error for mail to a non-local domain
nonlocal:
debug_print = "R: nonlocal for $domain"

driver = redirect

domains = !example.com

qualify_domain = example.com
# domains = ! +local_domains

allow_fail

data = :fail: Mailing to remote domains not supported

no_more

#.endif

If this Exim4 MTA is not installed or configured properly for delivering mails to remote servers, mail delivery to external domains fails and gives out error message:

Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

Remote Domains
"Mailing to remote domains not supported"

1.5. Routing

1.5.1. I am trying to have exim forward mail to some internal hosts, but all I am getting is «all relevant MX records point to non-existent hosts»

A probable cause for this might be that all MX records for the offending domain point to site local or link local IP addresses, which are ignored by the dnslookup router to protect from misconfigured external domains. The default configuration has relaxed checking for domains that the local system is configured to allow relaying to, so adding the offending domain to dc_relay_domains will most probably help. Please note that this entry might be necessary anyway to bypass relay control for the domains in question.

Please note that no domain on the public Internet should have MX records pointing to site local or link local IP addresses, so you might check your externally visible MX records.

If this doesn’t help, try analyzing the output of exim -d -bt [email protected]

Upstream Exim FAQ Q0302 might help as well.

1.5.3. How do I configure a catch-all?

A catch-all is most easily implemented by modifying the system_aliases router. It causes all local parts that have no explicit alias entry are aliased to one single target, unconditionally.

To enable this:

1 add a * to the lsearch statement in the system_aliases router, giving lsearch* 1 add a line *: your.catchall.target.example to /etc/aliases

If you want mail for some other targets to be processed as before, you need to alias them to themselves (other-target: other-target) to prevent them from being caught by the catch-all.

It is no longer necessary to alias the catch-all target to itself as it was with previous versions of Exim.

Please note that it is a really bad idea to use a catch all in these days since incredible amounts of spam are received on these accounts. It is far superior to tell Exim which local parts exist so that it is possible to reject spam to non-existing addresses before actually accepting it.

1.5.4. How can I create a blacklist to deny specific hosts / ip addresses?

The access lists that come with Debian’s exim4 configuration have some infrastructure for that and are extensively documented. Their function can be controlled with files placed in /etc/exim4. See also the manual page for exim4_files (available from exim4 4.62-2 on and linked to by PkgExim4) for explanation of these files.

There is also macro-driven infrastructure to use DNS-based block lists. See the ACL files and the Debian exim4 documentation for more information.

Please note that this needs basic familiarity with Exim ACLs and lookups.

Как избежать ошибок при составлении и отправке писем

Причинами возникновения ошибок и, как следствие, неполучения сообщений могут служить разные факторы. Одни из них связаны с неправильным составлением исходящих писем самим пользователем, другие относятся к более глобальным программным настройкам со стороны получателя.

Самый простой способ это понять – отправить тестовое сообщение на свой ящик. Затем следует протестировать его отправку и получение, используя разные внешние почтовые сервисы: gmail, yandex, mail, rambler и другие. Если сообщение получено, следует ответить на него, проверив корректность исполнения команды «RE» вашим почтовым сервером и принятие ответа условным отправителем.

Довольно часто проблемы с попаданием писем в папку «Спам» или программной блокировкой на стороне получателя лежат в неверном оформлении ключевых полей. Особенно это касается массовых рассылок коммерческого характера. Для отправки большого количества однотипных сообщений как минимум потребуется выполнение следующих параметров настройки:

  • выделенный IP-адрес с целью исключить блокировку на стороне сервера-ретранслятора или почтовой программы конечного получателя;
  • криптографические подписи DKIM и SPF, помогающие подтвердить подлинность домена и минимизировать количество писем, воспринимаемых как спам.

Некорректное использование бота для отправки писем может привести к блокировке отправителя и другим нежелательным последствиям. Даже если информация, которую вы отправляете потенциальным клиентам, реально интересна им, система спам-фильтрации может воспринять данную рассылку как вредоносную. Чтобы избежать этого, лучше всего воспользоваться услугами специализированных компаний.

В моей практике был случай, когда никак не удавалось добиться получения моей электронной корреспонденции одним из сотрудников компании «Лукойл». Письма я отправлял самые простые, используя корпоративный ящик. Только после того, как мой респондент обратился в IT-службу своего предприятия, выяснилось, что данный адрес находится в блэк-листе. Попал он туда из-за каких-то ошибок, допущенных моим предшественником. Понадобилось больше недели, чтобы адрес включили в «белый список». Все это время письма, высылаемые с личного [email protected], доходили без проблем.

Полезно: Почему не приходят письма с сайта. Пример частного случая.

1.2. Debian Configuration

1.2.1. How do I re-execute the debconf-driven configuration?

Debian’s configuration is factored out into a dedicated package. Thus, dpkg-reconfiguring exim4, exim4-base or one of the daemon packages is not going to work. Please use  dpkg-reconfigure exim4-config or edit /etc/exim4/update-exim4.conf.conf directly.

More information can be found in the manual page for update-exim4.conf.

1.2.3. How does exim find out its host name to use in HELO/EHLO?

Some paranoid third parties check the HELO/EHLO name of a host delivering mail to them. If the HELO/EHLO name does not match the reverse DNS of the originating IP, the message is rejected or scored appropriately.

The name used by Exim in EHLO/HELO is pulled from configuration option primary_hostname. Debian’s exim4 default configuration does not set primary_hostname. Exim then defaults to uname() to find the host name. If that call only returns one component, gethostbyname() or getipnodebyname() is used to obtain the fully qualified host name.

If your Exim HELOs as localhost.localdomain, then you have most probably a misconfigured /etc/hosts created by some versions of the Debian installer. In this case, please fix your /etc/hosts.

Please refrain from using primary_hostname unless you cannot avoid using it. It enhances the complexity of your configuration and leads to error issues that are a hell to debug.

There is currently a bug in the optional package libnss-myhostname (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756224) which breaks the above mechanism of obtaining the fully qualified host name. If you do not need libnss-myhostname, removing this package resolves the corresponding problem.

1.2.4. How can I integrate third-party tools with Exim?

On first look, Debian’s exim configuration is radically different from what Upstream and the larger part of the rest of the world use. On second look, we’re not _that_ different.

Most probably the documentation of the third-party tool is going to help you to create a working integration in Debian’s exim configuration. You might not be able to use their point-and-drool step-by-step instructions, but with a moderate amount of reading and abstraction is going to deliver a working configuration. The documentation delivered with Debian’s exim4 packages might help.

1.2.5. What do the «DEBCONFfooDEBCONF» macros in the Debian configuration do?

When the Exim daemon is started, the dpkg-conffiles in /etc/exim4 are post-processed to the result /var/lib/exim4/config.autogenerated, which is the configuration file that Exim reads. In this post-processing step, done by update-exim4.conf, the DEBCONFfooDEBCONF strings are replaced with values pulled from /etc/exim4/update-exim4.conf.conf and system configuration.

Please note that the string DEBCONF is kind of a misnomer since the strings are _not_ directly pulled from the Debconf database, but from user-editable conffiles instead. This is a common misunderstanding.

For more information, read the update-exim4.conf man page.

1.2.6. Why does «ps» display Exim’s account name only as a number?

That’s documented behavior of ps. When the account name does not fit the table layout (as it is the case for Debian-exim), ps displays the uid as a number.

1.6. TLS issues

1.6.1. GnuTLS

Exim4 in Debian uses GnuTLS, not OpenSSL, by default. Unfortunately, there still are a few rough edges in the GnuTLS stuff. There are several bugs tracking these issues in the BTS. Anyone having a problem with a Nokia / Symbian client should check out — there is a patch there to enable the gnutls_compat_mode option.

GnuTLS uses much entropy. On some systems, it uses more entropy than the system is generating. This has become a problem since the kernel developers decided to drop the network card as an entropy source in early 2.6.x due to the possibility of it being manipulated externally. You can find out how much entropy your system has available by looking into /proc/sys/kernel/random/entropy_avail. If that number stays under 100 for more than a few seconds, you have a problem. Possible solutions are using a hardware random number generator your system might be equipped with, or using a special solution that allows using a microphone connected to your system’s audio in as an entropy source.

While replacing /dev/random with /dev/urandom is commonly touted as a possible solution, we advise against doing so since this will decrease the security of _all_ cryptographic functions of your system.

A constant source of entropy starvation is the generation of a file containing an RSA key and parameters needed for the Diffie-Hellman key change algorithm. That file is deleted in the daily cron job as recommended by the upstream Exim docs, and normally, the next exim process starting up a TLS session generates a new set of parameters. This, however, uses _lots_ of entropy, and exim blocks if not enough entropy is available, leading to session timeouts. More information about this can be found in the Exim specification chapter 38.3.

Since 4.52-2, if the package gnutls-bin is installed, the daily cron job does not simply remove the file but tries to generate a new parameter file. Only if this succeeds, the old parameter file is replaced by the new, so in theory, exim should always find a recent parameter file to use, avoiding the blocking situation.

In 4.63-4, that process was touched again and it can now use an installed openssl package as well as gnutls-bin to generate the new file.

Please note that both Debian and upstream are currently in dire need of people knowledgeable with GnuTLS and exim to debug these issues. If you can do this, please get in touch with the maintainers.

1.6.2. Building against OpenSSL

Starting with 4.60-3, the package can be rebuilt against OpenSSL by uncommenting the # OPENSSL:=1 line in debian/rules. This might result in a GPL violation, so be sure to check this with your legal department before actually doing so.

Положительные и отрицательные сообщения SMTP-сервера

Данные коды являются трехзначными, каждая его часть несет в себе определенную информацию, расшифровывающую причину сбоя.

Первая цифра комбинации содержит информацию о качестве доставки:

  • сообщение доставлено («SMTP OK»);
  • возникла неизвестная или временная проблема («SMTP unknown»);
  • критическая ошибка («SMTP error»). 

Существует четыре варианта значений для первой цифры кода:

  • 2xx – положительный результат, есть возможность передачи следующей команды;
  • 3xx – отложенный результат, необходимо осуществление дополнительных действий;
  • 4xx – сообщение не принято, но проблема носит временный характер, и запрос может быть повторен через какое-то время; 
  • 5xx – категорический отказ выполнения команды, отправка запроса со стороны передающего сервера в том же виде невозможна. 

Вторая цифра в коде сообщает о категории ответа:

  • 0 – синтаксические ошибки; 
  • 1 – ответы на запросы информации; 
  • 2 – ошибки канала передачи; 
  • 3 и 4 – неизвестный тип ошибки;
  •  5 – статус почтовой системы.

Третья цифра дает более расширенную информацию о значении, указанном во второй цифре SMTP-ответа.

Помимо цифровой комбинации, SMTP-сообщение может содержать дополнительную текстовую информацию.

Полную информацию о кодах, их компоновке и значениях можно найти в спецификациях RFC 5321 и RFC 1893.

Следует учитывать, что SMTP-message говорит об успешном или неудачном варианте доставки именно на уровне взаимодействия почтовых серверов. Положительный ответ вовсе не означает, что ваше письмо не попало в папку «Спам».

What causes the error ‘550 Relay Not Permitted’?

This prevents something called “open relay spamming” where a spammer can blast thousands of spam through a server that has broken or no authentication.

1. User not authenticated properly

To prevent spammers or unauthorized users from abusing it, every mail server has an authentication system configured in it.

If users try to send mails from their mail program without authenticating their account first, the error ‘550 Relay Not Permitted’ will be shown.

[ Worry no more about web or mail errors. Get an experienced server admin to manage your servers for as low as $12.99/hour. ]

2. SMTP port blocked

By default, the SMTP port is Port 25. But some ISPs and mails servers block this port to prevent spammers from misusing or attacking that port and abusing the server.

There are some ISPs or mail servers who implement advanced security measures such as blocking certain IP ranges and allowing users to connect only from white-listed IPs.

telnet domain.com 25

3. MX configuration issues

Incorrect MX record settings or DNS resolution issues for the recipient domain, will also cause the error ‘550 Relay Not Permitted’ when you send mail to that domain.

To verify the MX records for a domain, use the command:

dig domain.com MX

Improper settings of authentication servers such as POP, IMAP, Dovecot, etc. can also be a reason for the error ‘550 Relay Not Permitted‘.

4. Routing issues in mail server

[ Tired of repeated mail errors? Our Support Engineers can take care of your servers and support your customers 24/7. Click here to know more. ]

Виды почтовых сервисов

На программном уровне существует несколько видов обработки электронной почтовой корреспонденции. К первой группе относятся виртуальные сервисы, доступные чаще всего в бесплатном исполнении через интернет-соединение на сайте почтового сервера. Это всем известные ресурсы: 

  • Gmail/Google Suite (почта от Google.com);
  • Yandex.ru;
  • Mail.ru; 
  • Rambler.ru и другие.

Более подробную информацию о значениях ответов SMTP можно получить на сайтах популярных почтовых сервисов:

  • Коды ошибок SMTP почтового сервиса Gmail (Google Suite) (support.google.com)
  • Создание и отправка писем на сервисе Яндекс
  • Ошибки отправки писем при использовании сервера и сервиса Mail.ru

Ко второй группе относятся почтовые клиенты – программы, обладающие более расширенным функционалом, чем виртуальные сервисы. Наиболее популярными и универсальными почтовыми клиентами для Windows являются:

  • Opera Mail;
  • Mozilla Thunderbird;
  • Koma-Mail;
  • SeaMonkey;
  • The Bat!;
  • Microsoft Outlook.

Принципы работы почтовых клиентов несколько отличаются от процесса обработки корреспонденции виртуальными серверами. При отправке сообщения программа отсылает его не напрямую конечному получателю, а ретранслирует через сервер-релей. Этот процесс осуществляется чаще всего с использованием протокола SMTP, а получение корреспонденции обычно происходит с помощью IMAP или POP.

Коды SMTP-ответов определяются стандартом. Администратор почтового сервера может создать собственные настройки, в том числе и в части кодировки ответов сервера. Особенно это касается локальных почтовых программ, установленных непосредственно на сервере какой-нибудь компании.

О вариантах выбора и способах создания корпоративных почтовых сервисов более подробно можно прочитать здесь: Что такое почтовый сервер и зачем он нужен.

1.4. Networking and ISP issues

1.4.1. my exim cannot connect to the outside

If your ISP does not offer a smart host or you want to deliver via a trusted third party, you need to have your exim deliver the messages to the smart host on a different port, for example tcp/587.

1.4.2. my exim cannot be connected to from the outside

If you want to run a MX server on such a connection, you’re out of luck. It is not possible to use a different port for MX servers since the Internet Standards don’t offer the possibility to tell delivering hosts to try delivery on a different port.

1.4.3. How do I configure exim to use a different port to receive mail

Set SMTPLISTENEROPTIONS to the appropriate value in /etc/default/exim4. For example, use -oX 25:587 -oP /var/run/exim4/exim.pid to have exim listen on tcp/25 and tcp/587. The -oP parameter is necessary in this case since exim does not create a pid file automatically if -oX is given on the command line. If you omit the -oP parameter, the init script will malfunction.

1.4.4. How do I configure exim to use a different port to send mail

This does only make sense when delivering to a smarthost. Starting with exim4 4.63-5, you can enter smarthost.example::portnumber as a smarthost to have exim deliver to a different port.

With earlier exim versions, you need to modify the smarthost and hub_user_smarthost routers manually.

How to fix Exim4 ‘mailing to remote domains not supported’ error

Based on the information available from the log files, we debug and fix the error with these steps.

2. Mail server configuration

By default, Exim4 is configured to send mails only locally. The fix is to reconfigure it to allow mails to be sent to remote domains.

Exim configuration can be changed in two ways:

1. Editing the exim.conf file and update the parameter “dc_eximconfig_configtype=’internet’”.

2. Running the configuration wizard using ‘dpkg-reconfigure exim4-config’ command. This wizard presents the options to choose the “mail server configuration type that best meets your needs.”

The supported mail server types are:

b. mail sent by smarthost – This allows to forward outgoing mails to a third party mail server, called a “smarthost”. This mail server delivers mails to the destination. It also stores stores incoming mails to your server, until you download them.

d. local delivery only – This is the default option in Exim4 and it supports only local delivery.

From these configuration settings, we choose the option ‘internet site; mail is sent and received directly using SMTP:’, as that it the option that supports external mail delivery.

Exim is restarted after the changes and confirmed that it is working fine. Care has to be exercised while modifying Exim configuration, as even a single mistake can render the service non-functioning.

3. Test the mail delivery

After reconfiguring Exim4 to send mails to external domains, mails were delivered fine to outside addresses like gmail.com, no longer showing the error ‘mailing to remote domains not supported’.

4. Additional mail configuration

Additional points we check in mail server functionality are the hostname settings, SPF, RDNS, mail filters, etc. Due to enhanced security restrictions, many of these features are now vital for mail function.

Hostname is usually set as FQDN (Fully Qualified Domain Name) in the format ‘hostname.domainname.tld’ . Exim is also configured to accept mail only from local addresses, to avoid open relay.

1.8. Packaging issues

1.8.1. exim4-config should depend on exim4-base, shouldn’t it?

No, it shouldn’t. It’s entirely possible to (want to) install an exim4-config package on a machine that doesn’t run exim4 — for instance in order to examine the configuration before upgrading the machine to the exim4 packages using that configuration.

exim4-base correctly depends on a package providing one of the virtual packages exim4-config{,-2}. The requirement is that installing exim4 ensures that an appropriate configuration is installed, not vice versa. (Answer by Adam D. Barratt, in response to #310750, thanks!)

1.8.2. Why are you not using exim’s built-in SPF interface?

exiscan 4.34-22 introduced support for the Sender Policy Framework by means of a spf ACL condition. We have chosen not to use this command, but implement this functionality in the Debian packages by means of external calls to spfquery

Rationale:

  • Calling spfquery is a reliable method, because it’s the most transparent and easy to debug. It is also the method we have tested more thoroughly and are most experienced with.
  • We do not want to drag in another library dependency. That would add more potential for bugs and maintenance work than a configuration snippet that is disabled by default.
  • We haven’t verified that all the features of spfquery are available using built-in support as well (in particular, support for X-SPF-Guess header, or the ability to add user extensions that rely on the same checks).

If you’d rather use exiscan’s own SPF interface, you need to rebuild exim. The source package offers infrastructure to build your own exim4-daemon-custom with your own feature set.

Рейтинг
( Пока оценок нет )
Понравилась статья? Поделиться с друзьями:
Мой редактор ОС
Добавить комментарий

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: