On Thu, Mar 19, 2009 at 04:01:57PM -0400, Bryan Rawlins said:
> We recently ran into an issue where we were getting mail from a domain
> that had an A record that resolved to private IP space. Not a big issue
> in most circumstances, but since we do store-n-forward spam filtering it
> became a slight problem because our customer's MTA recognized the
> sending domain being private IP space and 550'd the message, thus
> leaving us holding the bag as it were.
>
> As a result of the above I developed an ACL to catch these and reject
> them. There probably isn't a great demand for such a beast, but I
> thought I'd share it.

The default (I think) exim4.conf handles it slightly more elegantly:

dnslookup:
  driver = dnslookup
  domains = ! +local_delivery : ! +relay_to_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
  no_more

then all you have to do is turn on verify = sender (not even callout) -
the domain will be unroutable.

Cheers,
--
--------------------------------------------------------------------------
| Stephen Gran | sushi, n.: When that-which-may-still- |
| steve@??? | be-alive is put on top of rice and |
| http://www.lobefin.net/~steve | strapped on with electrical tape. |
--------------------------------------------------------------------------
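
An added illustration (not part of the original message, and not Exim's own code): a simplified Python model of how the ignore_target_hosts list in the router above discards resolved addresses, so that a sender domain whose only A records are private or loopback is left with no usable host. The function names and the sample DNS answers are constructed for this example, and the model assumes IPv4 A records only, skipping MX handling.

```python
import ipaddress

# The ignore_target_hosts value from the router in the message above,
# with the backslash line continuation already joined.
IGNORE_TARGET_HOSTS = (
    "0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 : "
    "172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16"
)


def parse_host_list(value):
    """Split a colon-separated list of IPv4 addresses or CIDR blocks."""
    return [ipaddress.ip_network(item.strip())
            for item in value.split(":") if item.strip()]


def usable_hosts(addresses, ignored):
    """Return the resolved addresses that are not covered by the ignore list."""
    kept = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in ignored):
            kept.append(addr)
    return kept


def sender_domain_routable(addresses, ignored):
    """Simplified model: the domain routes if at least one address remains."""
    return bool(usable_hosts(addresses, ignored))


# Constructed DNS answers using documentation names and ranges, not real data.
SAMPLE_ANSWERS = {
    "private-only.example": ["192.168.10.5"],
    "loopback.example": ["127.0.0.1"],
    "mixed.example": ["10.1.2.3", "203.0.113.25"],
    "public.example": ["198.51.100.7"],
}

if __name__ == "__main__":
    nets = parse_host_list(IGNORE_TARGET_HOSTS)
    for domain, addrs in SAMPLE_ANSWERS.items():
        state = "routable" if sender_domain_routable(addrs, nets) else "unroutable"
        print(f"{domain:22} {addrs} -> {state}")
```

The mixed.example case shows that a domain with at least one public address stays routable in this model; only domains whose every address falls in the list fail sender verification.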