Re: [Exim] Refusing mail because of missing MX record

Top Page
Delete this message
Reply to this message
Author: dman
Date:  
To: exim-users@exim.org
Subject: Re: [Exim] Refusing mail because of missing MX record
On Mon, Apr 01, 2002 at 12:09:47PM -0800, John W Baxter wrote:
| At 19:52 +0300 4/1/2002, Lauri Tischler wrote:
| >There was some discussion about that on another forum.
| >Any pros or cons ??
| >
| >Idea was that if sending server does not have valid MX record
| >it is so badly administered that it is propably sending spam
| >as well (and their users have lice and bad breath) :)

|
| MX records identify servers which are used to receive mail from the world.
| There is no obvious reasons why the same servers send the mail for the
| entity in question. And there are several reasons for the receiving and
| sending servers to be distinct groups.


Right, but the domain to check is the one given in the MAIL FROM:
command.  If I tell you
    MAIL FROM: <localpart@???>
    RCPT TO: <insert-your-address-here>


You can't reply to that message (or deliver a bounce) because that
domain doesn't exist. Ok, so when delivering you try to fall back to
the A record, but there SHOULD be an MX. In all likelihood, properly
set up systems will have an MX. Reverse DNS is a different matter
(sorry, I don't have one; I can relay through a smart host, though).

| You will reject mail from some small entities whose mail you might not want
| to reject.


Possible. It's a tradeoff between how much spam you think you'll
reject and how much real mail you'll miss.

| At the moment I looked, the most recent mail received from Microsoft had
| come in from
| smtppassport5.microsoft.com (the EHLO and the IP address agreed on that).


The EHLO isn't the thing to check. The MAIL FROM: is. I bet that
message had "@microsoft.com" in the MAIL FROM:, thus it would be ok
according to this check.

-D

--

Python is executable pseudocode. Perl is executable line noise.