Re: [exim] testing the ip agains the domain MX record.

Top Page
Delete this message
Reply to this message
Author: Stephen Gran
Date:  
To: Exim-users
Subject: Re: [exim] testing the ip agains the domain MX record.
On Thu, Feb 24, 2005 at 08:42:29PM +0000, pablo rey said:
> hello it's possible to verify if an incomming smtp connection is
> generated by the MX record for the domain listed in the from field of
> the header. i want to verify this so i can make sure that every mail
> i accept is comming from one of the mail servers of that domain. i
> can't find any option for this check. only verify = sender but this is
> not what i'm looking for. thanks in advance.


This is a really bad idea, and will bounce you quite a lot of legitimate
email if you do so. Many places use seperate machines to process
incoming and outgoing mail, and only the incoming has an MX record. SPF
is intended to address exactly this sort of issue, but handles it in a
slightly smarter. I only say slightly because it introduces a whole
host of other problems, and it really solves very little in the long
run. Witness the recent change in trojan behavior to send spam and
virus email via the ISP's smarthost - SPF checking would say the mail
was great, and you still wind up with a mailbox full of garbage.
--
--------------------------------------------------------------------------
|  Stephen Gran                  | echo "Congratulations.  You aren't      |
|  steve@???             | running Eunice."              -- Larry  |
|  http://www.lobefin.net/~steve | Wall in Configure from the perl         |
|                       | distribution                            |

--------------------------------------------------------------------------