Lähettäjä: Jan Ingvoldstad Päiväys: Vastaanottaja: exim users Aihe: Re: [exim] local_domains by dns
On Thu, Aug 26, 2021 at 2:35 PM Cyborg via Exim-users <exim-users@???>
wrote:
> Am 26.08.21 um 11:38 schrieb Evgeniy Berdnikov via Exim-users:
> > On Thu, Aug 26, 2021 at 10:57:49AM +0200, Cyborg via Exim-users wrote:
> >> My actual problem is to build the content of local_domains from DNS IN
> MX
> >> Records. The server shall only handle the domain as local,
> >> if the mx is pointing to an address on the host.
> > If so, then anybody making pointer to your server in MX record for
> > controlled domain (not your domain) could send spam to you.
>
> No.. local_domains may say that it found a matching mx for the domain,
> but there is no mailbox, forward or anything
> configured for this domain => mailbox not found , goodbye spammer.
>
> The reason the mx should decide this, are the other users on the server.
>
> Example:
>
> You have domain foo.com and bar.com on the same server.
>
> If you have both foo.com and bar.com in your local_domains,
> a mail send from foo.com to bar.com is interally accepted and delivered.
>
> If i.e. the bar.com owner changes the mx to another host, foo.com will
> still
> deliver it's mails to bar.com locally, as local_domains says so.
>
> Thats where the mx check comes in handy:
>
> if the msg comes in, local_domains may only contain the domain, if the
> mx returns a valid ip/cname.
> if foo.com now sends a mail for bar.com and the mx does not point to the
> server itself,
> the message is handeld as if it was never on the server, completly
> ignoring the (old) local config for this domain .
>
> This scenary is a reallife problem in multi-domain hosting. If you only
> have a handfull of domain, most of them your property or under your
> admin control, you won't have it and will never have thought about it.
> With thousands of domains and external admins just switching mx entries
> as they like, it gets a problem for all those on the server, who send
> mail to the switched domain. The users correctly assume, that the server
> will handle this situation.
>
> That issue is not solved by pretending that these hosted domains are
"local_domains" domains, which only introduces a bunch of problems.
Additionally, it is better if the mail client facing SMTP server does not
deliver mail locally to domains it hosts, but instead always performs an MX
record lookup.
In other words, separate the roles of accepting incoming e-mail and sending
authenticated outgoing e-mail.
In both cases, you'll probably want to keep lists of all valid e-mail
addresses configured for the domain in question, so that you can reject
both outgoing and incoming e-mail with falsified addresses, or if e.g. an
account for joebob.example tries to send e-mail on behalf of
bobbybrown.example.
--
Jan