Re: [Exim] Re: abusive MX records look up to "mail."

Top Page
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users list
Old-Topics: Re: [Exim] Re: abusive MX records look up to "mail."
Subject: Re: [Exim] Re: abusive MX records look up to "mail."
[continuing a thread from some time back...]

On Tue, 24 Feb 2004, Philip Hazel wrote:

> On Tue, 24 Feb 2004, Alan J. Flavell wrote:
>
> > But irrespective of which way that decision falls, I do have this gut
> > feeling that the qualify_single setting should be ignored in the
> > second stage of the lookup, as I said above.
>
> Yes, that sounds plausible. But there is a potential catch...
>
> When a resolver is called to find MX records, it often returns the A
> records in the same return packet, if it happens to have them available.
> In that situation, there isn't a second stage lookup.


Indeed. But I suspect that the above detail might have been a bit of
a red herring...

In fact, if one of our users specifies an unqualified domain in an
"outgoing" mail, it gets dealt with somewhere else entirely. So it's
not clear that any benefit would come from having qualify_single
enabled in the first part of the MX lookup, either.


Well, I have to admit I had left the above thread dangling, but just
the other day we were hit by another instance of the problem. To be
specific, on this occasion it was compudataproducts.com

So, today I've tried adding the line

qualify_single = false

into the lookuphost: router, so that it now reads like this:

lookuphost:
driver = dnslookup
qualify_single = false
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8 : CONFIG_DIR/bogon-bn-agg.txt
transport = remote_smtp

(and I've fetched an updated copy of the bogons file from
http://www.cymru.com/Documents/bogon-bn-agg.txt , although
that's irrelevant to the present topic.)


Points of note:

* it evidently does the job that we wanted,

* it isn't causing any harm elsewhere (not that we've seen yet),

* I stumbled upon an earlier discussion in which someone had suggested
that the default setting of qualify_single for this router was badly
chosen and ought to have been "false". But I'm unable to find that
discussion again - sorry.

* noted item 56 in the 4.31 ChangeLog, but we aren't running that yet.
Also noted that there's a dns cacheing implication, which gets fixed
in 4.31.

I think that's where we're at now. Unless something horrible turns
up, I guess that ties up the loose ends. And my thanks to ChrisE for
re-activating my fading grey cells.

cheers