Re: [Exim] Sender verification and A records

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Marc Haber
CC: exim-users
Subject: Re: [Exim] Sender verification and A records
On Mon, 28 Feb 2000, Marc Haber wrote:

> |250 warning: temporarily unable to resolve sender address: accepted unverified <spamtest@???>


> |mh@q[2/502]:~$ host -t ANY mailrelay.example.com
> |mailrelay.example.com    A       ip.ip.ip.ip


That does not prove the absence of an MX record unless your local
nameserver is authoritative for the zone. "ANY" is a snare and a
delusion. It means "give me all the records you happen to have for this
domain".

> Obviously, sender address verification is done by doing MX lookup
> only.


Not true. Sender address verification is done by running the address
through the directors and routers. Whether it uses MX or A record is a
function of the configuration.

> Is there a reason why existence of an A record is not accepted
> as verification for a sender?


I *suspect*, but cannot test because you didn't give the real domain
name, that you have hit on one of the depressingly common cases where
attempting to look up an MX record yields SERVFAIL (lookup failure)
rather than NXDOMAIN ("no such domain"). In this case, Exim has to give
up. The rules state that it can only go and look for an A record if it
knows for sure that there is no MX record. See FAQ Q0313.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.