I am going to add a domain to relay on one of my servers and
naturally have been asking myself what method to use to check for the
recipient. Clearly recipient callout is an option but if the local
part is not cached it will temporarily fail (when the primary is
unreachable; the rest is spam...).
So, what about using dns records?
Suppose I relay for example.com, I would then set a subdomain, say
lusers.example.com, populated with the valid recipients in
example.com, thus:
user1.lusers.example.com A 127.0.0.1
user2.lusers.example.com A 127.0.0.1
and perhaps use different RH values for temporarily rejected
addresses (or whatever..).
Another option would be to use TXT records like:
user1.lusers.example.com TXT "1" <<< valid user
user2.lusers.example.com TXT "1"
user3.lusers.example.com TXT "not here anymore"
so that I can pass the content of the TXT in the 5xx error when required.
If my MX is secondary NS for example.com (or just
lusers.example.com), this list would be authomatically kept in synch
and be valid even when the primary (that would also be the primary MX
for example.com) is down/unreachable.
I would clearly protect access to the subdomain with the allow-query
option in that zone, although I doubt that anyone would notice that
it exists.
Opinions?
g
