Phil Pennock wrote:
[MX pointing to a loopback IP]
> That could be dealt with using a dnsdb mxh lookup in a condition.
> Whether or not you think this corner case worth dealing with is another
> matter.
>
> More seriously -- what if the current DNS is broken? This might be why
> they're moving their service to you. You should probably set
> "pass_on_timeout" on the dnslookup_not_yet_hosted Router, so that if the
> DNS is timing out then this Router declines the address and it's passed
> onto the following Routers, which deal with it locally.
That's a good idea, but I won't include this because I then could think my
e-mail (containing credentials) has reached the customer who's then going
to complain after some days ;-) If I leave it out, I'll be aware of the
misconfiguration and can ask her for other contact data.
>> The ignore_target_hosts line is from Debian's dnslookup router.
>
> What, no multicast? :^) I've a vague recollection that the socket API
> should fail to connect() a TCP socket to a multicast destination, but in
> the interests of "this router has to be paranoid about existing DNS
> having a high risk of being broken", it might be worth considering;
> perhaps, if you do defend against localhost MX in a condition then you
> can use the match_ip expansion condition to test it against a list.
>
> If you're not on Exim 4.67 yet then this paranoia is better left for
> when you are, as it's a job for "forall".
Debian stable is at 4.63 (see
http://packages.debian.org/exim4). Paranoid
routers depend on me being paranoid, which I'd prefer to decline :-)
forall seems to be a cute condition.
Peter
