Re: [Exim] Verisign pulls a fast one

Top Page
Delete this message
Reply to this message
Author: Chris Thompson
Date:  
To: exim-users
Subject: Re: [Exim] Verisign pulls a fast one
Walt Reed <exim@???> writes:
> On Thu, Sep 18, 2003 at 01:22:24AM -0700, Avleen Vig said:
> > On Wed, Sep 17, 2003 at 07:16:03PM -0400, Walt Reed wrote:
> > > Many mail servers fall back to the A record when no MX exists.
> > > BTW, anyone have an ACL that rejects mail when the sender envelope
> > > domain does not have a valid MX record?


[Others have pointed out that you can do this by having mx_domains = *
on your dnslookup router and using recipient verification.]

> > I wouldn't recommend this. It's perfectly legal for DNS zones to not
> > have MX records and still send and receive mail.
> > An MX record simply allows you to have a smaller set of hosts receive
> > all mail for that zone, instead of each individual machines receiving.
>
> ... which is one of the reasons (probably the largest) that wild-card
> records were created in the first place! I just did a quick check of
> about 2 years worth of mail archives. NONE of my non-spam mail was
> missing MX records. What is technically correct, and what is commonly
> accepted practice are two different things. I reject mail all the time
> that is technically correct yet fails my (and spamassasin's) more
> stringent criteria.


And anyway, can we trust Veri-"all your name are belong to us"-sign not
to create *.com and *.net wildcard MX records as well as A ones?

| You sent a message to friend@???. That domain does not
| exist, but Verisign can register it for you for less than the cost of
| your mortgage. By the way, we've saved the compromising parts of your
| message for use in case you fail to take up this very reasonable offer.


Chris Thompson
Email: cet1@???