Re: [exim] conditional break if dnsdb reveals a NXDOMAIN ?

Top Page
Delete this message
Reply to this message
Author: Mike Brudenell
Date:  
To: Exim Users
Subject: Re: [exim] conditional break if dnsdb reveals a NXDOMAIN ?
But isn't a non-existent domain just a special case of a domain that fails
sender verification? For example as far as my memory goes to pass sender
verification for a remote address you need it to be routeable, which
typically means:

- the domain has to exist, and
- has MX, A or AAAA records, and
- the IP addresses of these aren't listed in *ignore_target_hosts*

Remember that there are some oddities such as creating a TXT entry for
flobble.example.com means you won't get NXDOMAIN back when you query for
it. Likewise if the domain has a wildcard entry such as *.example.com —
instead of getting NXDOMAIN back for flobble.example.com you'd get a
positive response code if just checking whether it exists. (Or something
like that: I forget the details, but I caused problems briefly when I
created a wildcard SPF record for a subdomain and broke some scripts that
relied on getting NXDOMAIN but now weren't.)

As Jeremy says, you need to get very clear in your mind what it is you're
trying to check and why. The chances are that you want to drop or reject
messages not just from a domain name that doesn't exist but perhaps also if
they don't have valid paths back to them: hence sender verification.

Cheers,
Mike B-)

On 2 August 2017 at 14:40, Cyborg <cyborg2@???> wrote:

> Am 02.08.2017 um 12:43 schrieb Heiko Schlittermann via Exim-users:
> > Cyborg <cyborg2@???> (Mi 02 Aug 2017 12:30:24 CEST):
> >> Hi,
> >>
> >> how must a ACL look like, if we wanne drop the message, when the domain
> >> in question does not exists ?
> >>
> >> in other words, i wanne check if a domain is registered at all, and
> >> dnsdb looks like the correct approach.
> >>
> >> Any Ideas ?
> >     condition = ${lookup dnsdb{$sender_address_domain}{yes}{no}}

> >
> > But isn't for sender verification
> >
> >     require verify = sender

> >
> > the better approach? (Of course, if you do not talk about sender
> > verification, then …)
> >
>
> Nope, i don't wanne verify them, i just wanne drop messages from none
> existing domains.
>
> Sender verification is the next step ;)
>
> Best regards,
> Marius
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>




--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm