Re: [exim] Email DNS Issue

Matt wrote:
>> ISTR the version you show above does not call-out to the connecting host
>> at all.
>>
>> But in the OP you cited a rejection OF the far-end BY your server.
>>
>> That sounds like you ARE doing a callout.
>
> No callouts, that gets you black listed.

Agreed - or it *may* do. In any case, best reserved for use
between/among an affinity group or pool of servers under
common/cooperative control.

So that clause is essentially a 'red herring', not the cause.

> Unless you call a DNS look
> up of the sending email address domain a call out and thats all its
> doing.

Those are fine - they don't ordinarily reach the sending server anyway -
only the nearest up-to-date nameserver.

HOWEVER - you may need to:

- allow for slow / failed response

AND/OR

- replace dodgy nameservers with better ones.

AND/OR

- run a local caching, recursing DNS that can keep the records asked for
up-to-date between erratic responses.

AND/OR

- add a commonly-accessed but problematic far-end to /etc/hosts

NB: We do all of the above...

> When its not working a "dig there_domain mx" results in
> SERVFAIL so I am still guessing the error Dnsstuff reports something
> about cnames in the mx records is the trouble.
>
> Matt
>

It certainly is not 'optimal' - but Exim is less pedantic about such
things than bespoke DNS checking tools.

BTW - do the records in question (also) have abnormally short ttl's?

Bill