Thanks to all who mailed me. That wasn't my best example ever. I *do* have
an A record for my MX... I don't care about *my* exim that is bounced by
others...
What I tried to convey is that not every reverse lookup will necessarily
reveal the same host.
<better example>
foo.org MX 10 mail.foo.org
foo.org NS ns.isp.com
mail.foo.org IN A 123.1.2.3
bar.net MX 10 mail.bar.net
bar.net NS ns.isp.com
mail.bar.net IN A 123.1.2.3
isp.com MX 10 mail.isp.com
isp.com NS ns.isp.com
mail.isp.com IN A 123.1.2.3
3.2.1.123.in-addr.arpa IN PTR mail.isp.com.
</better example>
The above setup is typical for an ISP that hosts virtual domains. AFAIK
the above setup more or less complies with the RFCs.
The problem is when I do check_sender and bubba@??? sends me a mail.
Exim sees "mail.foo.org [123.1.2.3]", does a reverse lookup and finds
"mail.isp.com" -> spam?
Note that mail.foo.org is the MX for domain foo.org, and yes, it has an A
record.
That's why I wondered if it wouldn't be better to check "is mail.foo.org
really 123.1.2.3 ?" plus "is mail.foo.org really an MX for domain foo.org
?"
See? No CNAMEs this time...
--Ben (bhoc at domain pentagroup in country ch with an MX that is not a
CNAME)
