Q0432

Nigel Metheringham edited this page Nov 30, 2012 · 4 revisions
Clone this wiki locally

Q0432

Question

I use NIS for my user data. How can I stop Exim rejecting mail when my NIS servers are being restarted?

Answer

Exim doesn't know that you are using NIS; it just calls the getpwnam() function, which is routed by nsswitch. Unfortunately, getpwnam() was never designed to be routed through NIS, and it returns NULL if the entry is not found or if the connection to the NIS server fails. This means that Exim cannot tell the difference between no such user and NIS is down. Crutches to help with this problem are finduser_retries in Exim, and nscd on the Unix side, but they are not perfect, and mail can still be lost. However, Nico Erfurth pointed out that you can create a router for Exim that tests for the availability of NIS, and force a defer if NIS is not running:

check_nis:
   driver = redirect
   data = ${lookup {$local_part} nis {passwd}{}}

This should be placed before any router that makes any use of NIS, typically at the start of your local routers. How does it work? If your NIS server is reachable, the lookup will take place, and whether it succeeds or fails, the result is an empty string. This causes the router to decline, and the address is passed to the following routers. If your NIS server is down, the lookup defers, and this causes the router to defer. A verification of an incoming address gets a temporary rejection, and a delivery is deferred till later.