On 15/04/2023 23:31, Sebastian Arcus via Exim-users wrote:
you might be able to use cutthrough delivery from the front-end to the
real server, which might allow you to reject rather than bounce some of the
time; it might even help with your SPF dilemma ?
That was my intention - so that the back-end machines can verify if the
recipient exists. Are you saying that when using cutthrough delivery, this
doesn't add an extra header to the email message - so this way it wouldn't mess
up the SPF checks on the back-end machine
No. A Received: header is always added, cutthrough or store-and-forward.
(I was assuming that the front-end machine would add another header to the
incoming email, which would make it appear to be one of the sending servers -
which I then assumed would fail the SPF checks on the back-end machines)
(The original) SA presumably relies on Received: headers to get the sending IP;
there's
no setting in the API being used to call it.
The RSPAMD variant call does, however - so if there were enough call for it
a feature could be added to Exim to set that from the config; that in turn
could use on the backend Exim info added to the message by private agreement
with the
frontend (eg. an A-R header).
OR:
you could use the SA feadture "ignore_received_spf_header", do the SPF checks
on the
frontend, and add that header to transfer the info
you could use the rspamd feature
https://www.rspamd.com/doc/modules/external_relay.html
OR:
you could just run SA on the frontend
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
