Eli
2005-05-06 17:22:40 UTC
I've got a domainlist that I use to figure out if a domain is local or not -
it's based on a local list of domains I know are local, and also does an MX
lookup to see if the domain has an MX record that points to our server
(can't steal email hosting this way though - still have to pass local
account checks). I have a feeling I don't even need the MX lookup part of
the list any more, but that's for me to figure out later :)
Anyways, my problem comes in when email comes in and the sender specifies
their mail from and gives a domain name that Exim needs to verify with my
dnslookup router (since I do domain name verification on senders). If one
of the MX records that the domain has however can't be resolved, Exim ends
up giving a "temporary local problem" error since it is trying to resolve
all MX records to compare against the domainlist to even figure out if it
should use the dnslookup router (so basically the router isn't the problem,
but the fact that @mx_any is making Exim look up all MX records).
I noticed in the documentation that if it were a *host*list, I could use
"+ignore_unknown" in the list to have it fix my problem, but this isn't
allowed in domainlists. The only other settings I could think of were the
"mx_fail_domains" and "srv_fail_domains" settings for the dnslookup router -
I put them in just to see if it made a difference, but I didn't think it
would fix my problem since it seems to be before the router is executed that
the problem happens.
Here are the parts of my config file:
domainlist treat_as_local = ${lookup {$domain} dbmnz
{/etc/exim.host.db} {${if > {$value}{0} {$domain}{}}}{}} :
@mx_any/ignore=!1.2.3.4
remote_address:
driver = dnslookup
domains = !+treat_as_local
mx_fail_domains = *
srv_fail_domains = *
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
cannot_route_message = Insufficient DNS information found for
$domain
transport = remote_delivery
more = no
... And here is the debug output:
7821 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
7821 Verifying ***@cpp-db.com
7821 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
7821 Considering ***@cpp-db.com
7821 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
7821 routing ***@cpp-db.com
7821 --------> remote_address router <--------
7821 local_part=user domain=cpp-db.com
7821 checking domains
7821 search_open: dbmnz "/etc/exim.host.db"
7821 search_find: file="/etc/exim.host.db"
7821 key="cpp-db.com" partial=-1 affix=NULL starflags=0
7821 LRU list:
7821 2/etc/exim.host.db
7821 :/etc/exim.whitelist
7821 6/etc/exim.blacklist
7821 End
7821 internal_search_find: file="/etc/exim.host.db"
7821 type=dbmnz key="cpp-db.com"
7821 file lookup required for cpp-db.com
7821 in /etc/exim.host.db
7821 lookup failed
7821 DNS lookup of cpp-db.com (MX) succeeded
7821 199.0.58.101 in "!66.165.106.125"? yes (end of list)
7821 ignored host mail.cpp-db.com [199.0.58.101]
7821 66.88.134.59 in "!66.165.106.125"? yes (end of list)
7821 ignored host mail01.cpp-db.com [66.88.134.59]
7821 DNS lookup of mail.cpp-db.us (A) gave TRY_AGAIN
7821 mail.cpp-db.us in dns_again_means_nonexist? no (option unset)
7821 returning DNS_AGAIN
7821 host_find_bydns yield = HOST_FIND_AGAIN (1); returned hosts:
7821 mail.cpp-db.us <null> MX=20 *
7821 cpp-db.com in " : @mx_any/ignore=!1.2.3.4"? lookup deferred for
@mx_any/ignore=!1.2.3.4
7821 cpp-db.com in "!+treat_as_local"? lookup deferred for !+treat_as_local
7821 domains check lookup or other defer
7821 ----------- end verify ------------
7821 deny: condition test deferred
7821 SMTP>> 451 Temporary local problem - please try later
7821 LOG: MAIN REJECT
7821 H=(test) [216.209.84.151] I=[66.165.125.115]:2525 temporarily
rejected MAIL <***@cpp-db.com>: DNS lookup of "cpp-db.com" deferred
You can test with cpp-db.com as well if you'd like (I don't host it, just a
domain I know has an unresolvable MX record). It's the mail.cpp-db.us
domain that can't be resolved. The really odd part is that when I use dig
to try to look it up, I get a SRVFAIL for the DNS response, however Exim
says that DNS was deferring (though maybe this was due to a change made to
Exim for a purpose - I remember several discussions about how failed DNS
should be handled.
Is there any way I can have Exim ignore an MX lookup failure for @mx_any ?
Eli
it's based on a local list of domains I know are local, and also does an MX
lookup to see if the domain has an MX record that points to our server
(can't steal email hosting this way though - still have to pass local
account checks). I have a feeling I don't even need the MX lookup part of
the list any more, but that's for me to figure out later :)
Anyways, my problem comes in when email comes in and the sender specifies
their mail from and gives a domain name that Exim needs to verify with my
dnslookup router (since I do domain name verification on senders). If one
of the MX records that the domain has however can't be resolved, Exim ends
up giving a "temporary local problem" error since it is trying to resolve
all MX records to compare against the domainlist to even figure out if it
should use the dnslookup router (so basically the router isn't the problem,
but the fact that @mx_any is making Exim look up all MX records).
I noticed in the documentation that if it were a *host*list, I could use
"+ignore_unknown" in the list to have it fix my problem, but this isn't
allowed in domainlists. The only other settings I could think of were the
"mx_fail_domains" and "srv_fail_domains" settings for the dnslookup router -
I put them in just to see if it made a difference, but I didn't think it
would fix my problem since it seems to be before the router is executed that
the problem happens.
Here are the parts of my config file:
domainlist treat_as_local = ${lookup {$domain} dbmnz
{/etc/exim.host.db} {${if > {$value}{0} {$domain}{}}}{}} :
@mx_any/ignore=!1.2.3.4
remote_address:
driver = dnslookup
domains = !+treat_as_local
mx_fail_domains = *
srv_fail_domains = *
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
cannot_route_message = Insufficient DNS information found for
$domain
transport = remote_delivery
more = no
... And here is the debug output:
7821 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
7821 Verifying ***@cpp-db.com
7821 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
7821 Considering ***@cpp-db.com
7821 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
7821 routing ***@cpp-db.com
7821 --------> remote_address router <--------
7821 local_part=user domain=cpp-db.com
7821 checking domains
7821 search_open: dbmnz "/etc/exim.host.db"
7821 search_find: file="/etc/exim.host.db"
7821 key="cpp-db.com" partial=-1 affix=NULL starflags=0
7821 LRU list:
7821 2/etc/exim.host.db
7821 :/etc/exim.whitelist
7821 6/etc/exim.blacklist
7821 End
7821 internal_search_find: file="/etc/exim.host.db"
7821 type=dbmnz key="cpp-db.com"
7821 file lookup required for cpp-db.com
7821 in /etc/exim.host.db
7821 lookup failed
7821 DNS lookup of cpp-db.com (MX) succeeded
7821 199.0.58.101 in "!66.165.106.125"? yes (end of list)
7821 ignored host mail.cpp-db.com [199.0.58.101]
7821 66.88.134.59 in "!66.165.106.125"? yes (end of list)
7821 ignored host mail01.cpp-db.com [66.88.134.59]
7821 DNS lookup of mail.cpp-db.us (A) gave TRY_AGAIN
7821 mail.cpp-db.us in dns_again_means_nonexist? no (option unset)
7821 returning DNS_AGAIN
7821 host_find_bydns yield = HOST_FIND_AGAIN (1); returned hosts:
7821 mail.cpp-db.us <null> MX=20 *
7821 cpp-db.com in " : @mx_any/ignore=!1.2.3.4"? lookup deferred for
@mx_any/ignore=!1.2.3.4
7821 cpp-db.com in "!+treat_as_local"? lookup deferred for !+treat_as_local
7821 domains check lookup or other defer
7821 ----------- end verify ------------
7821 deny: condition test deferred
7821 SMTP>> 451 Temporary local problem - please try later
7821 LOG: MAIN REJECT
7821 H=(test) [216.209.84.151] I=[66.165.125.115]:2525 temporarily
rejected MAIL <***@cpp-db.com>: DNS lookup of "cpp-db.com" deferred
You can test with cpp-db.com as well if you'd like (I don't host it, just a
domain I know has an unresolvable MX record). It's the mail.cpp-db.us
domain that can't be resolved. The really odd part is that when I use dig
to try to look it up, I get a SRVFAIL for the DNS response, however Exim
says that DNS was deferring (though maybe this was due to a change made to
Exim for a purpose - I remember several discussions about how failed DNS
should be handled.
Is there any way I can have Exim ignore an MX lookup failure for @mx_any ?
Eli
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/