Re: [exim] Relaying and DNS lookups

Top Page
Delete this message
Reply to this message
Author: Chris Siebenmann
Date:  
To: Paul Walsh
CC: exim-users@exim.org, cks
Subject: Re: [exim] Relaying and DNS lookups
| I've been bitten by this a number of times and wondered if anyone had
|    a) done the same, and b) come up with a solution....
|    In the configuration file of our outbound mail gateway I have a host
|    list relay_hosts of all hosts allowed to relay mail. [...]

[...]
|    This is all fine and dandy until the entry for one of the hosts in
|    relay_hosts is deleted from DNS.


As mentioned, you want the 'ignore_unknown' option on lookups. As I
found out the hard way, you may well also want 'ignore_defer'. In
general you may want this for almost all host lists you use.

I can see why Exim behaves this way and it's documented, but I wouldn't
be surprised if it keeps catching people out. Maybe the documentation
needs some sort of prominent pointer to the bit that discusses it
(chapter 10 sections 14 and 15).

Note that this behavior is especially dangerous in whitelists and
blacklists that list external domains; you can wind up creating a
situation where you accidentally 4xx everything basically forever. I
wrote up a discussion of this in:
http://utcc.utoronto.ca/~cks/space/blog/sysadmin/EximHostsListDanger

    - cks