Re: [exim] check_srv anyone?

Author: John Horne
Date:
To: Exim users
Subject: Re: [exim] check_srv anyone?
On Fri, 2005-06-10 at 10:59 -0500, Edgar Lovecraft wrote:
> John Horne wrote:
> >
> ..[snip]...
> >
> > In trying it out on one of our mailhubs I have already hit a problem
> > with 2 sites. I'm not sure but it seems that MS Windows servers use
> > the, for example, '_tcp.plym.ac.uk' domain in dealing with ADS/accounts
> > (maybe?). Access to the domain may well be restricted only to local
> > users, i.e. no dns lookups allowed. As such check_srv gets a dns server
> > failure and sends a 4xx code back (as far as I can tell). This seems to
> > be the problem with the 2 sites we have, and I'm just wondering if using
> > check_srv is worth the hassle (to put it bluntly!)?
>

[snipped]
> In your case, it sounds to me that the server(s) in question are
> pointing the DNS query to a server that is not publicly accessible (at
> least for that information),
>

Correct (I am told).

> and I would wager large sums of money that even if you did get a
> response for the SRV record, in the end, the data would try and point
> you to private IP space addresses, and/or networks and servers ;)
>

Hmm, which may or may not be worse :-) Sender callout verification would
fail - the smtp transport excludes private addresses - so we would
reject the message completely rather than at the moment the sender
receiving a temporary failure from us. Ultimately of course the sender's
MTA, I assume, would give up trying to send to us and return the message
to the original sender.

My concern is that a sending site may well want to secure their MS
servers as much as possible (understatement??), and that includes no
external access to its DNS zone if the records are only used by their
own users/servers. As such I suspect this (SRV lookup) would be a common
problem, and for us to ask them to open up their server for us to
resolve the DNS records is of course not on. So perhaps
'srv_fail_domains' should default to '*'?



John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: John.Horne@???       Fax: +44 (0)1752 233839
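
The three outcomes discussed in this message, as an added example that is not part of the original post and is not Exim's code. It is a simplified Python model; the outcome labels, the glob-style matching and the sample domains and addresses are assumptions, as is the effect given to 'srv_fail_domains' (a failed SRV lookup for a listed domain is treated as "no SRV records").

```python
import fnmatch
import ipaddress

# RFC 1918 and loopback ranges, standing in for the private address space
# that the thread says the smtp transport excludes.
EXCLUDED_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def in_domain_list(domain, patterns):
    """Simplified domain-list match: '*' and shell-style globs only."""
    return any(fnmatch.fnmatch(domain.lower(), p.lower()) for p in patterns)


def is_excluded(addr):
    """True if addr falls in one of the excluded (private) ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in EXCLUDED_NETS)


def srv_check(domain, status, addrs=(), srv_fail_domains=()):
    """Model the result of an SRV lookup for _smtp._tcp.<domain>.

    status is "SERVFAIL", "NODATA" or "OK"; addrs are the addresses the
    SRV targets resolved to (only used when status is "OK").
    """
    if status == "SERVFAIL":
        # DNS server failure: temporary error unless the domain is listed.
        if in_domain_list(domain, srv_fail_domains):
            return "FALLBACK_MX"
        return "DEFER_4XX"
    if status == "NODATA":
        return "FALLBACK_MX"
    usable = [a for a in addrs if not is_excluded(a)]
    # Only private targets: nothing can be called out to, so verification fails.
    return "USE_SRV" if usable else "REJECT_5XX"


# Constructed sample cases (hypothetical domains and addresses).
SAMPLES = [
    ("ads.example.org", "SERVFAIL", (), ()),                    # locked-down DNS zone
    ("ads.example.org", "SERVFAIL", (), ("*",)),                # same, with '*' as default
    ("ads.example.org", "OK", ("10.1.2.3", "192.168.0.5"), ()),  # private targets only
]
```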