Re: [Exim] callout problem

Author: Andreas J Mueller
Date:  
To: Matt Bernstein
CC: exim-users
Subject: Re: [Exim] callout problem
Hi Matt!

> Exim was silly enough to believe youpy's MX record of 127.0.0.2--thank
> goodness for its rate-limiting, otherwise it would have surely exploded!


That's strange. Whenever I happened to come upon an MX like that
one, sender verify failed _before_ the callout with an error message
("All MX records point to invalid hostnames or (invalidly) to IP
addresses").

"allow_mx_to_ip" can be set in the main config, to allow Exim to treat
IP addresses in MX records as valid. If you have used this, you
surely knew what you were doing. ;-)

Even then, Exim should complain, because the dnslookup router has
ignore_target_hosts set to 0.0.0.0:127.0.0.0/8 (by default). No
callout will be done, as the domain is unrouteable.

But what's the worst that could happen? Exim would make a callout to
itself, through the localhost interface. Then it would either accept
the destination address (because localhost is allowed to relay) or
reject it. Unless you have been messing with the "MAIL FROM:<>" to
contain any other sender address, which could create a loop.

> I don't know what the right thing to do here is.. ..is it worth hacking
> do_callout in verify.c to check it's actually going to connect to a
> sensible IP address?


No need to do this, Exim already has all the required functions to
prevent this from happening. You just have to configure it correctly.

Andy
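
The two safeguards named in this message (rejecting MX records that point at IP addresses unless allow_mx_to_ip is set, then dropping hosts that match ignore_target_hosts), as a simplified Python model added here; it is not Exim's code and not part of the original post. The function names, verdict strings and sample DNS data are constructed for illustration.

```python
import ipaddress

# ignore_target_hosts value quoted in the message above (default dnslookup router).
DEFAULT_IGNORE = ("0.0.0.0/32", "127.0.0.0/8")

def parse_ip(text):
    """Return an ip_address if text is an IP literal, else None."""
    try:
        return ipaddress.ip_address(text.rstrip("."))
    except ValueError:
        return None

def callout_decision(mx_targets, a_records, allow_mx_to_ip=False, ignore=DEFAULT_IGNORE):
    """Model the pre-callout checks; returns (verdict, list of address strings)."""
    nets = [ipaddress.ip_network(n) for n in ignore]
    hosts = []
    for target in mx_targets:
        literal = parse_ip(target)
        if literal is not None:
            # MX pointing at an IP address: only usable with allow_mx_to_ip.
            if allow_mx_to_ip:
                hosts.append(literal)
            continue
        hosts.extend(ipaddress.ip_address(a) for a in a_records.get(target.rstrip("."), []))
    if not hosts:
        return "invalid-mx", []      # sender verify fails before any callout
    usable = [h for h in hosts if not any(h in net for net in nets)]
    if not usable:
        return "unrouteable", []     # every host ignored, so no callout is made
    return "callout", [str(h) for h in usable]

# Constructed sample data (documentation address range and .test names).
A_RECORDS = {"mx.good.test": ["192.0.2.25"], "mx.loop.test": ["127.0.0.2"]}

if __name__ == "__main__":
    cases = [
        (["127.0.0.2"], False, DEFAULT_IGNORE),
        (["127.0.0.2"], True, DEFAULT_IGNORE),
        (["mx.loop.test"], False, DEFAULT_IGNORE),
        (["mx.loop.test", "mx.good.test"], False, DEFAULT_IGNORE),
        (["127.0.0.2"], True, ()),  # both safeguards disabled
    ]
    for mx, allow, ignore in cases:
        print(mx, allow, ignore, "->", callout_decision(mx, A_RECORDS, allow, ignore))
```

Only the last case, with allow_mx_to_ip enabled and the ignore list emptied, lets a callout reach a loopback address.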