Re: [exim] Host lacks reverse DNS

Top Page
Delete this message
Reply to this message
Author: Dave Evans
Date:  
To: exim-users
Subject: Re: [exim] Host lacks reverse DNS
On Fri, Aug 06, 2010 at 09:25:51AM -0500, Kamal Ashour wrote:
> Greetings,
>
> Sending and receiving emails from the localhost works, but sending email
> from the local network clients via IMAP/POP gives the following and email
> rejects, if I add the client IP address to the hosts files works ok, but
> clients on the local network setup with dynamic ips.
>
> I want to bypass local network DNS lookup, I included my exim.conf setup
> below.
>
> What am i missing?


A coherent explanation of the problem? :-)

I'm afraid your explanation of the problem didn't make much sense to me, so
for now I'm going to make some guesses: I'm guessing that there's only one
Exim server in this situation, and it's probably not on 192.168.0.7;
192.168.0.7 is some client trying to submit mail to exim. And it sounds like
you don't want to reject due to lack of reverse DNS for local clients
(192.168.0.0/24).

If all that is correct, then the problem is this part of your config:

> acl_check_mail:


...

> # Use the lack of reverse DNS to trigger greylisting. Some people
> # even reject for it but that would be a little excessive.
>
>   warn condition = ${if eq{$sender_host_name}{} {1}}
>        set acl_m_greylistreasons = Host $sender_host_address lacks reverse
> DNS\n$acl_m_greylistreasons


...

> acl_check_data:
>
> require acl = greylist_mail


It looks like you're applying greylisting to *all* clients who lack reverse DNS.

As for how to fix that, I can't tell you for sure, because I don't know your
requirements. It might be as simple as adding a "hosts" condition just before
you set acl_m_greylistreasons (e.g. hosts = !192.168.0.0/24). Or, if this
Exim server ONLY accepts connections from clients that you trust anyway (i.e.
it doesn't handle mail directly arriving from the Big Bad Internet), maybe you
should just strip out the greylisting stuff entirely.

On the other hand, if I've guessed incorrectly then perhaps you could try
explaining your problem again?

Regards,

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey