Re: [Exim] sender_verify_hosts and unresolvable domains

Pàgina inicial
Delete this message
Reply to this message
Autor: Dave C.
Data:  
A: Marc MERLIN
CC: exim-users
Assumpte: Re: [Exim] sender_verify_hosts and unresolvable domains

On Mon, 25 Jun 2001, Marc MERLIN wrote:

> I have
> sender_verify_hosts = /etc/mail/checksender/baddomains:*
> which contains:
> !sourceforge.labs.agilent.com


This setting says which HOSTS can connect and not have the sender
verified. This doesnt say what senders dont get verified. (Eg, if you
connect from a machine thats IP address has a PTR record which gives
"sourceforge.labs.agilent.com", then no sender addresses will be
checked.

>
> If I send a mail with:
> From: noreply@???
>
> it gets refused because:
> routing noreply@???, domain sourceforge.labs.agilent.com
> lookuphost router called for noreply@???
> dns lookup: route_domain = sourceforge.labs.agilent.com
> DNS lookup of sourceforge.labs.agilent.com (MX) gave TRY_AGAIN
> sourceforge.labs.agilent.com in dns_again_means_nonexist? no (end of list)
> returning DNS_AGAIN
> lookuphost router deferred sourceforge.labs.agilent.com
> message: host lookup did not complete
> verification of sender from message headers deferred
>
> kenny:/etc/mail# host -t any sourceforge.labs.agilent.com
> sourceforge.labs.agilent.com    NS      cosns1.agilent.com
> sourceforge.labs.agilent.com    NS      cosns2.agilent.com
> sourceforge.labs.agilent.com    NS      andns1.agilent.com
> sourceforge.labs.agilent.com    NS      sclns1.agilent.com

>
> (it's an internal domain that can't be resolved outside of the company and
> unfortunately the From: header cannot be fixed)


Then it is a violation of RFC for any mail with an email address in that
domain to leave your 'internal' system. The solution is to use a valid
email address (at the very least the domain part should be valid - but
many systems with SMTP callback configured will reject your message if
there isnt a valid MX which would accept mail for that address)

Even if you can convince your system to allow this broken message
through, many other system which are configured to validate header
addresses will reject it. The correct solution is to always use valid
email addresses in headers, especially the From: header.

There is no legitimate concept of sending mail from 'nowhere', or of not
allowing a reply (Many spammers would like to think there is, but there
is not) (I'm not suggesting that you are spamming, however)

You are working at VAlinux, yet you are using some sort of software that
sends mail and cannot have this serious bug corrected? That seems odd.