 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Hi Rich, Thanks for your reply. I stumbled some exim command-line fu, and ran this: # exim -d-all+dns+resolver -bvs sender at domain.org ... DNS lookup of domain.org (MX) succeeded DNS lookup of ASPMX.L.GOOGLE.COM (AAAA) succeeded DNS lookup of ASPMX.L.GOOGLE.COM (A) succeeded DNS lookup of ALT1.ASPMX.L.GOOGLE.COM (AAAA) succeeded DNS lookup of ALT1.ASPMX.L.GOOGLE.COM (A) succeeded DNS lookup of ALT2.ASPMX.L.GOOGLE.COM (AAAA) succeeded DNS lookup of ALT2.ASPMX.L.GOOGLE.COM (A) succeeded DNS lookup of ASPMX4.GOOGLEMAIL.COM (AAAA) succeeded DNS lookup of ASPMX4.GOOGLEMAIL.COM (A) succeeded DNS lookup of ASPMX2.GOOGLEMAIL.COM (AAAA) succeeded DNS lookup of ASPMX2.GOOGLEMAIL.COM (A) succeeded DNS lookup of ASPMX3.GOOGLEMAIL.COM (AAAA) succeeded DNS lookup of ASPMX3.GOOGLEMAIL.COM (A) succeeded DNS lookup of ASPMX5.GOOGLEMAIL.COM (AAAA) succeeded DNS lookup of ASPMX5.GOOGLEMAIL.COM (A) succeeded So, in the end, I think the problem is that, at least on my hosted server, exim sender_verify only queries one sender nameserver for an MX record, and if that query fails, the incoming email is rejected. We've now turned off sender_verify and will now see how good it was anyway at stopping spam (reviews of sender_verify on the web are mixed). (Me thinking a little more about it, exim querying for an MX record is perhaps a little odd, because MX records are intended to inform _senders_ about where to _send_ email _to_, not necessarily to inform anyone on where email might be legitimately coming _from_; hence, SPF, DKIM, and DMARC.) Thanks again, Rich, Pete ------------------------------ > > Message: 3 > Date: Wed, 12 Jun 2013 13:22:39 -0400 > From: Richard Pieri > To: discuss > Subject: Re: [Discuss] Exim sender_verify issue? > > Peter Jalajas wrote: > > a) was only checking for A records, not MX records; and/or > > You can't use MX records for sender verify. MX records don't necessarily > have IP addresses associated with them. For example: > > dig peorth.gweep.net any > > There is no IP address associated with this host name. A reverse DNS > lookup on any host claiming to be peorth.gweep.net will fail. The > authoritative host name associated with the IP address does not match. > > This seems like what you describe the friend doing: his MTA is > configured to say that it is a google.com host. It isn't any such thing, > and the reverse lookup on his IP address confirms it. > > Your provider's system is doing precisely what it should: it rejects > mail from improperly configured, probably malicious sites. > > > b) was not checking multiple nameservers. > > I would need to see some mail logs and DNS traces before commenting on > this. > > -- > Rich P. > >
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
