B. Cook wrote:
> Hello all,
>
> I am using exim as a mail hub for filtering and then passing to other
> exchange servers.
> I have recently turned off sender callouts as it was causing too much
> confusion for some recipients :(
>
> but now I have a new problem.. some of the recipient mail servers look
> at the incoming email address and try to verify the domain, or mx (I'm
> assuming.. )
>
A friend who survived Operation 'Market Garden' once told me:
"If necesity is the Mther of Invention, then Assumption is the Mother of all
F(oul) Ups".
If you are not comfortable with less obfuscation, then try these free tests:
- For your own mail hub, for the souce whose message is being rejected, and for
the destination that is reporting errors:
1)
host <the actual domain.tld>
host <whatever IP the above test returns>
ping <the actual domain.tld>
Do these match?
Then also:
dig any ptr <the actual domain.tld>
dig any mx <the actual domain.tld>
dig any <the actual domain.tld>
ping <each listed server with an 'A' record>
> I get things like this in the logs now:
>
> 2006-08-28 11:08:57 1GH7KP-0001Gq-Py == schoond@???
> R=manual_route T=remote_smtp defer (-44): SMTP error from remote mail
> server after RCPT TO:<schoond@???>: host 1.2.3.4[1.2.3.4]: 450
> <tywo@???>: Sender address rejected: Domain not found
>
> where 1.2.3.4 is a host that is ultimately accepting mail for
> domain.org. So what I have been looking for, and keep finding sender
> callouts as the answer, but I just want to verify that I could send them
> mail.. (I guess is what the 1.2.3.4 box is doing
>
> Doing a dnsmx on grounddesigns2000.com takes quite a long time..
"dig any grounddesigns2000.com"
- returns results for me in 124 msec, BUT appears to have a nameserver entry
only, no assigned IP of its own, nor anything else:
69-175-228-110:~ Bill3rd$ dig any grounddesigns2000.com
; <<>> DiG 9.2.2 <<>> any grounddesigns2000.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8482
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;grounddesigns2000.com. IN ANY
;; ANSWER SECTION:
grounddesigns2000.com. 172791 IN NS ns1.primarydns.com.
grounddesigns2000.com. 172791 IN NS ns2.primarydns.com.
;; ADDITIONAL SECTION:
ns2.primarydns.com. 172791 IN A 216.219.239.8
ns1.primarydns.com. 172791 IN A 216.219.239.7
;; Query time: 124 msec
;; SERVER: 217.150.241.4#53(217.150.241.4)
;; WHEN: Tue Aug 29 01:47:50 2006
;; MSG SIZE rcvd: 118
>
> Any help would be greatly appreciated.
>
> Thanks.
>
smtp services need to obey basic rules - starting with:
- a genuine and complete domain.tld registration
- proper top-level nameservers
- proper DNS entries in those, or in the nameserver they point to,
including:
-- a fixed, routable IP
-- SOA and at least 'A' records, hopefully 'MX' records
-- preferablly also PTR records in (at least) the local connectivity-provider /
IP-block holder's 'last mile' local router.
Correspondent MTA and MUA, as well as your own MTA must also have fast and
reliable access to all of these.
Anything less can, and should, be expected to be treated as 'broken', and/or
malicious zombie attacks, and denied travel.
'Pre-suming', not 'Ass-u-me'ing that this is the only non-obfuscated chunk of
information you have furnished, the problem appears to be missing DNS entries.
Nothing to do with Exim - you are shooting the messenger.
HTH,
Bill Hacker
