RE: [exim] Deny domains with nonexistent MX

Author: Rick Cooper
Date:  
To: Odhiambo G. Washington, exim-users
CC: 
Subject: RE: [exim] Deny domains with nonexistent MX


> -----Original Message-----
> From: exim-users-bounces@??? [mailto:exim-users-bounces@exim.org]On
> Behalf Of Odhiambo G. Washington
> Sent: Monday, January 17, 2005 6:27 AM
> To: exim-users@???
> Subject: [exim] Deny domains with nonexistent MX
>
>
> Hello,
>
> Forgive me if I have missed an obvious answer to this in spec.txt.
>
> What is the best way to deny smtp service to a sender_domain whose
> MX records don't exist? I would like to do this even if the host is
> in my +relay_from_hosts. For example, if I host a domain and I disable
> dns entries for it, sender_addresses using that domain and are in my
> +relay_from_hosts can still send mail via my server. I want to stop
> that as well.
> Other than listing them in a file and doing a lookup, is there another
> straight way within exim, something close to what reverse_host_lookup,
> but this time for MX only?
>


You have to have compiled in support for dnsdb (LOOKUP_DNSDB=yes)
and build your acl around a condition such as:

# dnsdb yields the fallback string when the sender domain has no MX record
deny message   = Denied due to a lack of MX records or other such message
     hosts     = !AnyYouWantToExclude
     condition = ${if eq {${lookup dnsdb{mx=$sender_address_domain}{$value}\
               {NO-MX-RECORD-FOUND}}}{NO-MX-RECORD-FOUND} {yes}{no}}



If, during the lookup, you receive a DNS error, the condition will return
defer.
The downside to this would be there are legitimate senders who do not bother
to publish mx records and you fall through to the A record instead. I would
think you should have a specification of domains which you control (or
otherwise want included) and then change the acl to something like:

deny message        = Denied due to a lack of MX records or other such message
     sender_domains = /some/list/of/domains
     hosts          = !AnyYouWantToExclude
     condition      = ${if eq {${lookup dnsdb{mx=$sender_address_domain}{$value}\
                    {NO-MX-RECORD-FOUND}}}{NO-MX-RECORD-FOUND} {yes}{no}}




Rick
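
The restricted check from the reply above, placed in a MAIL-time ACL, as an added example that is not part of the original message. The ACL name, the two list names and the exempt host addresses are assumptions; the domain list path is the placeholder from the post.

```exim
# Added example, not from the original post. List names are assumptions.

# --- main configuration section ---
# Domains whose senders must have an MX record (path taken from the post).
domainlist mx_required_domains = /some/list/of/domains
# Constructed sample: hosts that skip the check. Not +relay_from_hosts,
# because the question wants relay hosts checked as well.
hostlist   mx_check_exempt     = <; 127.0.0.1 ; ::1

acl_smtp_mail = acl_check_mail

# --- ACL section ---
begin acl

acl_check_mail:
  # Bounces arrive with an empty sender, so there is no domain to look up.
  accept  senders        = :

  # No MX answer makes the lookup return the fallback string: reject (5xx).
  # A DNS error makes the lookup defer, so the client gets a 4xx instead.
  deny    message        = Sender domain $sender_address_domain has no MX record
          log_message    = no MX record for $sender_address_domain
          sender_domains = +mx_required_domains
          hosts          = !+mx_check_exempt
          condition      = ${if eq {${lookup dnsdb{mx=$sender_address_domain}\
                           {$value}{NO-MX-RECORD-FOUND}}}\
                           {NO-MX-RECORD-FOUND} {yes}{no}}

  accept
```

`exim -bh <client-ip>` runs a fake SMTP session against the ACL without delivering anything, and `exim -be` expands the lookup string on its own for a given domain.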

