Re: [exim] howto force dns-lookup for local domains

Top Page
Delete this message
Reply to this message
Author: Marten Lehmann
Date:  
To: exim-users
Subject: Re: [exim] howto force dns-lookup for local domains
Hello,

> @mx_primary is a special domain list that matches all domains that have
> your server as their primary MX. You can use that (or @mx_any, if the
> users may reasonably use your server as a secondary MX). See section
> 10.8 of the specification.


but will exim accept mails from smtp-port if these domains are not in
@mx_primary?

> However, you still need to make sure that no user can steal the mail
> from any other user that owns a domain that *does* point to your server.


Each domain belongs to one customer, so within a domain name, it is not
possible to steal mails. But not all domains our mailserver manages are
registered through us, so we cannot control if a domain name is entered
legally or illegally (for hotmail.com it might be obviously that it's
not legal, but for other domain names it's not that clear and besides
that we don't create profiles manually but automated, so we cannot check
each domain that is entered).

> Sounds dangerous in any case. Is it infeasible to manually approve all
> domains the users want to forward from?


Yes. An external mailserver will only call our mailserver if the
mx-record points to it, so at this point it wouldn't be a problem if
hotmail.com would be created on our mailserver, because noone would care
about it. But if there is an internal forwarding to a hotmail.com
address, I don't know how to force the dns-lookup step again instead of
simply lookup in the local domain list.

Regards
Marten