Re: [exim] local_domains by dns

Am 26.08.21 um 11:38 schrieb Evgeniy Berdnikov via Exim-users:
> On Thu, Aug 26, 2021 at 10:57:49AM +0200, Cyborg via Exim-users wrote:
>> My actual problem is to build the content of local_domains from DNS IN MX
>> Records. The server shall only handle the domain as local,
>> if the mx is pointing to an address on the host.
> If so, then anybody making pointer to your server in MX record for
> controlled domain (not your domain) could send spam to you.

No.. local_domains may say that it found a matching mx for the domain,
but there is no mailbox, forward or anything
configured for this domain => mailbox not found , goodbye spammer.

The reason the mx should decide this, are the other users on the server.

Example:

You have domain foo.com and bar.com on the same server.

If you have both foo.com and bar.com in your local_domains,
a mail send from foo.com to bar.com is interally accepted and delivered.

If i.e. the bar.com owner changes the mx to another host, foo.com will still
deliver it's mails to bar.com locally, as local_domains says so.

Thats where the mx check comes in handy:

if the msg comes in, local_domains may only contain the domain, if the
mx returns a valid ip/cname.
if foo.com now sends a mail for bar.com and the mx does not point to the
server itself,
the message is handeld as if it was never on the server, completly
ignoring the (old) local config for this domain .

This scenary is a  reallife problem in multi-domain hosting. If you only
have a handfull of domain, most of them your property or under your
admin control, you won't have it and will never have thought about it.
With thousands of domains and external admins just switching mx entries
as they like, it gets a problem for all those on the server, who send
mail to the switched domain. The users correctly assume, that the server
will handle this situation.