Re: [exim] Can't get @mx_any to get MX lookup failures to be…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Brian Candler
日付:  
To: Eli
CC: exim-users
題目: Re: [exim] Can't get @mx_any to get MX lookup failures to be ignored
On Fri, May 06, 2005 at 01:22:40PM -0400, Eli wrote:
> domainlist treat_as_local       = ${lookup {$domain} dbmnz
> {/etc/exim.host.db} {${if > {$value}{0} {$domain}{}}}{}} :
> @mx_any/ignore=!1.2.3.4

...
> 7821 H=(test) [216.209.84.151] I=[66.165.125.115]:2525 temporarily
> rejected MAIL <user@???>: DNS lookup of "cpp-db.com" deferred

...
> Is there any way I can have Exim ignore an MX lookup failure for @mx_any ?


I don't know if there is - but I'd just observe that Exim seems to be doing
The Right Thing[TM] here.

As you know, the decision as to whether a domain is local or not is
important, as it fundamentally influences the routing and ACL decisions
(i.e. should I try looking up names in the local account database? or should
I try a remote delivery? Is this an attempt to relay, and if so, is it
authorised?)

Given that this domain does not exist in your exim.host.db, then whether or
not the hostname has an MX record which resolves to your machine is
critical, and can't be left to chance in the event that the DNS can't tell
whether it does or not.

However, in this particular example, there might be a simple solution. If
your "treat_as_local" domainlist means addresses which should do a database
lookup and perform local delivery, then presumably you only want to do this
if this machine is the *primary* MX for this domain. Otherwise, it's just
acting as a backup/relay host, and should relay via SMTP.

So you could use @mx_primary instead of @mx_any - and since the cpp-db.com
failure was on a backup MX record, this particular problem might be solved.

Sorry that doesn't answer your actual question though. I do think however
that @mx_any/defer_ok would be (in my opinion) a dangerous option. Actually
you'd need two options: (1) defer implies this domain *is* included in
mx_any, and (2) defer implies this domain *isn't* included in mx_any.

To solve it in your way, you could perhaps rearrange the router logic:

1. Try a local database lookup always (regardless of whether domain is in
exim.host.db and regardless of DNS). If found, then deliver.
2. Otherwise, check if the domain is in exim.host.db or @mx_primary, and
bounce if it is.
3. Otherwise, this is a non-local delivery.

However, you're still likely to have a problem with ACLs, since your
anti-relaying controls are going to need to know whether a domain is local
or not. So this is really just a demonstration of why using @mx_any or
@mx_primary is a dubious thing to do, and you'd be better just listing all
local domains in your exim.host.db anyway.

Just a few thoughts,

Brian.