Author: Eli
Date:
To: 'Brian Candler'
CC: exim-users
Subject: RE: [exim] Can't get @mx_any to get MX lookup failures to be ignored

Brian wrote:
> I don't know if there is - but I'd just observe that Exim
> seems to be doing The Right Thing[TM] here.
In a way yes, however the error reported due to Exim having no way to ignore
or reject a DNS error in an @mx_any (or _primary/_secondary) is what's
causing me some grief.
> As you know, the decision as to whether a domain is local or
> not is important, as it fundamentally influences the routing
> and ACL decisions (i.e. should I try looking up names in the
> local account database? or should I try a remote delivery? Is
> this an attempt to relay, and if so, is it
> authorised?)
Yes - the domain in question (cpp-db.com) is not local, and I know what
would happen if I had Exim ignore and accept a broken DNS entry - with my
config, Exim would not accept the email and would instead default to my
final router's error message (not sure what that is at the moment), which
would make me happier than Exim deferring temporarily with a "temporary
local problem" message. This has caused the domain to retry email countless
times to my systems, and although not annoying to me, does cause users to
wonder what's up with their email, and ask me what this "local problem" is
(and trying to teach them about DNS isn't so fun either).
> So you could use @mx_primary instead of @mx_any - and since
> the cpp-db.com failure was on a backup MX record, this
> particular problem might be solved.
I do have domains that do not use my systems as primary MX records and just
POP off messages (I don't offer ETRN) if there are any. For this reason I
can't use @mx_primary or @mx_secondary. I had noticed that in Exim docs as
well, but it won't suit my situation unfortunately.
> Sorry that doesn't answer your actual question though. I do
> think however that @mx_any/defer_ok would be (in my opinion)
> a dangerous option. Actually you'd need two options: (1)
> defer implies this domain *is* included in mx_any, and (2)
> defer implies this domain *isn't* included in mx_any.
True, which was why maybe allowing those two neat DNS switches that you can
have in hosts lists into domain lists might be a better choice?
> To solve it in your way, you could perhaps rearrange the router logic:
From what I understand, it doesn't matter how I organize it, as long as I rely
on ever doing an @mx_* lookup, if there's any broken DNS in the domain,
Exim will issue a local problem if it can't resolve an MX record (unless
it's only due to my exclusion modifier, which I need though).
> However, you're still likely to have a problem with ACLs,
> since your anti-relaying controls are going to need to know
> whether a domain is local or not. So this is really just a
> demonstration of why using @mx_any or @mx_primary is a
> dubious thing to do, and you'd be better just listing all
> local domains in your exim.host.db anyway.
True - it would be nice if it were usable without this type of problem
though... And I do think I have all my hosts in the local file, so I'm
*still* not sure why I even have this mx lookup thinger in my config -
probably just leftovers from previous configs.
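
The two defer policies debated in this thread, modelled as an added example (not part of the original message and not Exim's code). The host name `mail.example.net`, the `*.example` zones and the `on_defer` parameter are constructed for illustration; the matching rule is a simplified assumption about how an MX-based "is this domain mine?" test behaves.

```python
from enum import Enum

class Dns(Enum):
    OK = "ok"
    TEMPFAIL = "tempfail"  # SERVFAIL or timeout while resolving an MX target

LOCAL_HOSTS = {"mail.example.net"}  # hypothetical name of this mail server

# Constructed zone data: domain -> [(preference, mx_host, lookup_status)]
ZONES = {
    "hosted.example": [(10, "mail.example.net", Dns.OK)],
    "backup.example": [(10, "mx.other.example", Dns.OK),
                       (20, "mail.example.net", Dns.OK)],
    # Not ours at all, but its backup MX cannot be resolved right now.
    "broken.example": [(10, "mx.broken.example", Dns.OK),
                       (20, "dead.broken.example", Dns.TEMPFAIL)],
    "remote.example": [(10, "mx.remote.example", Dns.OK)],
}

def mx_any(domain, on_defer="defer"):
    """Three-valued test: 'match', 'nomatch' or 'defer'.

    on_defer chooses what an unresolved MX target means:
      'defer'   - give up for now (the behaviour complained about above)
      'include' - option (1): treat the domain as included
      'exclude' - option (2): treat the domain as not included
    """
    unresolved = False
    for _pref, host, status in ZONES.get(domain, []):
        if status is Dns.TEMPFAIL:
            unresolved = True
            continue
        if host in LOCAL_HOSTS:
            return "match"  # model assumption: a definite hit wins
    if not unresolved:
        return "nomatch"
    return {"defer": "defer", "include": "match", "exclude": "nomatch"}[on_defer]

def rcpt_decision(domain, on_defer="defer"):
    """Map the list result onto the relay decision an ACL would make."""
    result = mx_any(domain, on_defer)
    if result == "defer":
        return "defer"   # sender sees a temporary local problem and retries
    return "accept" if result == "match" else "reject"

if __name__ == "__main__":
    for policy in ("defer", "include", "exclude"):
        print(policy, {d: rcpt_decision(d, policy) for d in ZONES})
```

With `include`, a domain the server has nothing to do with is accepted purely because its DNS is broken, which is the relay risk Brian's option (1) carries; with `exclude`, the same domain is rejected outright instead of being retried.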