Re: sender_verify_fixup - doesn't seem to work

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Philip Hazel
Dátum:  
Címzett: Stuart Lynne
CC: John Henders, exim-users
Tárgy: Re: sender_verify_fixup - doesn't seem to work
On Tue, 17 Dec 1996, Stuart Lynne wrote:

> Checking an A record after MX soft failure seems to be an easy change.
> If the test after the MX dns_lookup was changed then exim would attempt to
> look for an A record on MX failure.


>From RFC 974:


If the response does not contain an error response, and does not
contain aliases, its answer section should be a (possibly zero
length) list of MX RRs for domain name REMOTE (or REMOTE's true
domain name if REMOTE was a alias). The next section describes how
this list is interpreted.

<snip>

It is possible that the list of MXs in the response to the query will
be empty. This is a special case. If the list is empty, mailers
should treat it as if it contained one RR, an MX RR with a preference
value of 0, and a host name of REMOTE. (I.e., REMOTE is its only
MX).

My interpretation of that is that one should only go looking for an A
record after successfully discovering that there are no MX records, and
not after DNS timeouts and other failures. As Piete says, not following
this rule can lead to mail being sent to the wrong machine.

Failing scenario:

Consider a zone foo.com, with nameservers a.foo.com and b.foo.com. There
will be A records for those hosts in the com zone (so called "glue
records"). Now, suppose that the zone contains

a.foo.com    MX  5    mailhost.foo.com


(or even *.foo.com MX ...) and the network connection to the foo.com
nameservers is down. The outside world will get timeouts or other
temporary failures on looking up the MX records, but will be able to see
an A record for a.foo.com. However, you don't want to send the message
there.

--
Philip Hazel                   University Computing Service,
ph10@???             New Museums Site, Cambridge CB2 3QG,
P.Hazel@???          England.  Phone: +44 1223 334714