Re: [Exim] sender_verify, lookuphost MX and A records

Author: Dave C.
Date:  
To: Bruno Vuillemin
CC: exim-users, postmaster
Subject: Re: [Exim] sender_verify, lookuphost MX and A records


You could set verify_only for some routers if you wanted, but I wouldn't
recommend it. What sender_verify does is make sure that exim could
send a message *to* the sender of the message it is receiving.

If you enforce MX discipline for remote domains, then your exim would
not be able to send mail to an address in a remote domain that had only
A records. If you allowed exim to receive a message from a sender in
that domain, and then for some reason it needed to return a
non-delivery report, your exim would be unable to do so.

Personally, I would love to mandate MX records for all mail.
Unfortunately, the Internet is way past any possibility of
realistically expecting such full RFC compliance (on that and any
number of more important matters as well), so I permit MX or A records
for remote domains.

I actually have the exact opposite of your configuration - I *DO*
enforce MX processing on our local domain - e.g., if I don't add an MX
record for it, we don't accept mail for it. This prevents people trying
to address mail to (or from), for instance, a webserver or a dns
server. Only domains with MX records are valid.



On Tue, 7 Nov 2000, Bruno Vuillemin wrote:

> Hello everybody
>
> Problem :
> When performing a "sender_verify" action on incoming mail, it seems that
> the various lookuphost routers are tested. As a result of our configuration
> (see below), a domain with no MX but only an A record is rejected though it
> shouldn't be. I thought that these routers were for outgoing mail
> ("remote addresses") only and not for verification.
>
> How can I configure exim to accept messages from domains with either
> an MX _or_ an A record while keeping our lookuphost configuration?
>
> ---
>
> Excerpt from our configure file :
>
> (I replaced some real domains by "some-other-domains")
>
> # Main configuration settings
> sender_verify
> local_domains = @:unifr.ch:*.unifr.ch:some-other-domains.ch
> end
> # routers configuration
> #
> # follow MX discipline for computers outside our network
> lookuphost_mx:
> driver = lookuphost
> domains = "!*.unifr.ch:!*some-other-domains:*"
> transport = remote_smtp
> # don't do an MX request for computers in our network
> # do an A request
> lookuphost_a:
> driver = lookuphost
> domains = "*.unifr.ch:*.some-other-domains.ch"
> transport = remote_smtp
> gethostbyname=true
> # RFCs require this
> literal:
> driver = ipliteral
> transport = remote_smtp
> end
> ----
> Now If I want to verify anonymous@??? :
> 451 rejected: temporarily unable to verify sender address (try again later)
> <anonymous@???>
>
> ---
> The test : (using the -bi option as advised by this so good documentation)
>
>
> $HOME/bin/exim -bh 216.156.2.4
>
> **** SMTP testing session as if from host 216.156.2.4
> **** Not for real!
>
> >>> host in host_lookup? yes (0.0.0.0/0)
> >>> looking up host name for 216.156.2.4
> >>> IP address lookup yielded ns1.9netave.com
> >>> host in host_reject? no (option unset)
> >>> host in host_reject_recipients? no (option unset)
> >>> host in sender_unqualified_hosts? no (option unset)
> >>> host in receiver_unqualified_hosts? no (option unset)
> >>> host in helo_verify? no (option unset)
> >>> host in helo_accept_junk_hosts? no (option unset)
> 220 siufuxsun04.unifr.ch ESMTP Exim 3.03 #1 Mon, 06 Nov 2000 15:28:32 +0100
> HELO mail7.9netave.com
>
>     I got this name from the log file after the problem was detected.
>
> 250 siufuxsun04.unifr.ch Hello ns1.9netave.com [216.156.2.4]
> MAIL FROM: anonymous@???
> >>> anonymous@??? in sender_reject? no (option unset)
> >>> anonymous@??? in sender_reject_recipients? no (option unset)
> >>> host in sender_verify_hosts? yes (*)
> >>> verifying sender anonymous@???
> >>> anonymous@??? in root@@? no (end of list)
> >>> anonymous@??? in exim@@? no (end of list)
>
> (lot of lines without too much interest)
>
> >>> web.directnic.com in local_domains? no (end of list)
> ok
> >>> web.directnic.com in "!*.unifr.ch:!*.some-other-domains:*"? yes (matched *)
>
> ?????? what's going on ?
>        The only place in the configuration file where this string exists
>        is where the lookuphost_mx lookuphost driver is defined. Why does it
>        appear here ?
>        this is not outgoing mail ...
>
> >>> web.directnic.com in dns_again_means_nonexist? no (end of list)
> >>> temporary error while verifying anonymous@??? - will give error after DATA
> ok, this is the origin of the problem.
> 250 <anonymous@???> is syntactically correct
> ...
>
> Last remark : web.directnic.com doesn't have any MX (at the time of writing)
> but does have an A record.
>
> What do I do/understand wrong ?
> Any comments ?
>
> Thanks in advance.
>
> Bruno Vuillemin
>
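
The routing check discussed in this thread, as an added example that is not part of the original messages and is not Exim's code: a simplified Python model in which sender verification runs the sender's domain through the same ordered routers used for delivery, comparing "MX or A" with "MX required" for remote domains. The DNS table, the `.example` domains and the `require_mx` flag are constructed assumptions; the router names and domain lists follow the quoted configuration.

```python
from fnmatch import fnmatch

# Constructed DNS data (no real lookups): record types per domain,
# or "TEMPFAIL" to model a resolver timeout.
DNS = {
    "mx-and-a.example": {"MX", "A"},
    "a-only.example": {"A"},
    "www.unifr.ch": {"A"},
    "flaky.example": "TEMPFAIL",
}

REMOTE = "!*.unifr.ch:!*.some-other-domains.ch:*"
LOCAL = "*.unifr.ch:*.some-other-domains.ch"
# (router name, domains list, require_mx); require_mx is a hypothetical flag.
MX_OR_A = [("lookuphost_mx", REMOTE, False), ("lookuphost_a", LOCAL, False)]
MX_ONLY = [("lookuphost_mx", REMOTE, True), ("lookuphost_a", LOCAL, False)]

def in_domain_list(domain, dlist):
    """Colon-separated list; first matching item decides, '!' negates it."""
    for item in dlist.split(":"):
        if fnmatch(domain, item.lstrip("!")):
            return not item.startswith("!")
    return False

def route(domain, routers):
    """Return (verdict, router): verdict is 'accept', 'defer' or 'fail'."""
    for name, dlist, require_mx in routers:
        if not in_domain_list(domain, dlist):
            continue
        records = DNS.get(domain, set())
        if records == "TEMPFAIL":
            return "defer", name   # temporary error, as in the 451 above
        if "MX" in records or ("A" in records and not require_mx):
            return "accept", name
        # In this model a router that finds no usable record declines.
    return "fail", None

def verify_sender(address, routers):
    """Sender verification = could we route a bounce to this address?"""
    return route(address.rsplit("@", 1)[1], routers)[0]

if __name__ == "__main__":
    for addr in ("u@a-only.example", "u@mx-and-a.example", "u@flaky.example"):
        print(addr, verify_sender(addr, MX_OR_A), verify_sender(addr, MX_ONLY))
```

In this model a DNS timeout yields a deferral rather than a rejection under either policy, which is the distinction between the temporary 451 in the quoted session and a sender that is simply unroutable.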