Autor: Peter Bowyer Data: A: exim users Assumpte: Re: [exim] Email DNS Issue
On 15/03/2008, Matt <lm7812@???> wrote: > > Its not a sender-verify like that. I THINK all it does is make sure
> > the sending email adresses domain has an mx record. I did not add
> > this to my exim config its just been there for years.
> >
> > ---
> > # Deny unless sender address can be verified:
> > # This statement requires the sender address to be verified before any
> > # subsequent ACL statement can be used. If verification fails, the incoming
> > # recipient address is refused. Verification consists of trying to route the
> > # address, to see if a bounce message could be delivered to it. In the case of
> > # remote addresses, basic verification checks only the domain.
> >
> > require verify = sender
> > ---
>
> My understanding of what this does. If the source email address
> domain is hosted on the same box it just checks if it exists. If its
> not hosted on the same box it just does a "dig domain mx". Is that
> right? I assume it uses named which is running on the same box as an
> authorative and caching name server. I have named/bind configured as
> open to recursive lookups only to my IP pools and obviously open to
> authorative from anyone.
I seem to be repeating myself a lot today... what 'verify = sender'
does is runs the sender address through the configured routers in your
config, to see if the address would be routeable. Since it doesn't
call the transports, it doesn't do any SMTP. For addresses which would
be remotely routed, this probably will involve DNS lookups.
Exim uses your system's resolver library to do DNS lookups - you may
be able to persuade the resolver to use files instead of DNS queries
but this is outside of Exim.