[Exim] no IP address found for host [our own domain]

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Alan J. Flavell
Datum:  
To: Exim users list
Betreff: [Exim] no IP address found for host [our own domain]
I'm noticing a number of occurrences in our mainlog which show e.g:

2003-07-09 12:34:21 no IP address found for host physics.gla.ac.uk

I think I've tracked these down to a subset of situations where our
own users are connecting from their client node and transmitting mail,
and I think the messages appear because they're presenting one of our
own domains in their HELO.

I think this might be interacting with the main configuration option
helo_try_verify_hosts , is that a plausible explanation?

For the domains in question, there exist MX DNS entries for the
domain, but there's no A record. I realised however, after looking at
the documentation again, that this check is trying to look-up the HELO
name as the address of the host, not as the MX of the email domain.

The aim of the check, in our usage, is not to reject clients or MTAs
which fail it, but as a handle for throwing some scores into the
spam-rating for peer MTAs that don't present a convincing HELO: I
don't really want to meddle with our users when they are behaving as
otherwise-acceptable clients.

One could make this a bit more discerning as to which hosts it's going
to try verifying, but when one of our users comes in from his home ISP
as a client, with an authenticated connection, it's still not going to
match...

What would be the recommended way of doing this nowadays? - maybe
these main configuration options are too broad-brush: one could now
have an acl_smtp_helo section, but I'm not sure whether I should be
trying to mimic this functionality in an ACL when it's already
built-on and available from the main configuration...

Or maybe the log message cited above is doing no harm (other than
being noise), considering that it's only a "try"_verify, and that
the ACL which actually does the work of computing the bogosity score
can readily disregard the non-verification for our respected clients.

Sorry if this is too elementary a question. Thanks.