Re: [exim] lowest numbered MX record points to local host
A simple solution may be to read the domainlist local_domains = from a flat file that needs to hold the names of the user defined domains.

On 14.02.2018 10:28, Cyborg via Exim-users wrote:
> On 14.02.2018 at 09:59, Bambero via Exim-users wrote:
>> So what should I do to fix that? I can't use local_domains, because it's
>> shared hosting, and users can add domains by hand.
>> If someone will add domain 'gmail.com' exim will treat it as local domain.
>>
>> The only way is to check MX.
>
> There is no easy solution to the problem.
>
> Local domains defines those domains, the server shall receive email for.
>
> You could add a rule to the check_rcpt acl, to see if IN MX of the domain
> points to your server. It's doable, but could be tricked also.
>
> Way easier is to blacklist domains you will never serve emails for, like gmail.com.
>
> domainlist local_domains = @ : localhost : localhost.localdomain : ${lookup mysql { SELECT domainname FROM .. WHERE ... AND DOMAIN NOT IN ( "gmail.com","t-online.de","gmx.de","gmx.net","outlook.com" ) }}
>
> You could also build an sql with a db defined blacklist, which would be
> easier to maintain.
>
> Hope that helped,
> Marius

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] lowest numbered MX record points to local host
On 14.02.2018 at 10:52, Sebastian Nielsen via Exim-users wrote:
> Easiest is to use local_domains but have a verification step for the
> shared hosting, so your interface where user add their domain, will
> verify that the MX is pointed to your server before allowing the
> domain to be added to local_domains.

A good way, but you can't avoid hard lists of domain names not to add.

> if (dnslookup($user_domain, "MX") ne "yoursmtp.yourdomain.com") {
> print "To add this domain you first need to set up your MX to Point to
> us. We cannot add your domain without you first reconfiguring the MX,
> for obvious security reasons".
> }

If you want to rely on it, you need to use "dig +trace mx domainname" (or a similar algorithm) which traces the answers from the root to the authoritative DNS servers. If you use a cache, the process gets attackable: "DNS Cache Poisoning Attack" :)

If that is possible, why do I still need to rely on a hardcoded list?

a) it's way faster
b) you can't tamper with it.
c) "famous" domain names, like ebay.* will never be transferred to your own small hosting company (, without you knowing first).

Therefore, why rely on a time-consuming, tamperable process to find something out, you already know?

And you have to take care of "not getting an answer, when you should have got one." aka. packet loss with DNS queries.

And now last, but by far not least:

D) The need of adding domains, that are active on other servers, because they want to switch from their OLD ISP to you as their NEW hosting provider :D

In the process of building a new webaccount, people tend to test mail functionality, so it has to work, even if the MX is not set to your server. And you have to cope with the fact, that some domains only host the website with you, but don't want to use your mail services.

Which leads to the ultimate hint: make localdomains dynamically alterable.

If you do a MX check, you can't add those domains to your system without a side channel, and trust me, it's a day-by-day practice to switch ISPs.

So here's my advice: take some time, make a list, integrate it into your hosting config tool and deny what makes common sense on your market segment.

Funny sidenote: We found a borderline syndrome in mariadb caused by our dynamic localdomains query, which involved the antispam checks in place, which resulted in a complex query, the mariadb parser could not cope with if limited to 1 result :D
( unlimited results ok, but limit 1 => DOS endlessloop ) ( could be solved by an even more complex query ;) )

Marius

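The two proposals in this exchange (a hard deny list, and an MX check before a domain reaches local_domains) can be combined in the hosting panel. The following is an added example, not code from any poster or from Exim. The function names, the three outcomes and the sample domains are assumptions, the resolver is passed in so that production code can query the authoritative servers instead of a shared cache, and matching subdomains of listed domains goes slightly beyond what the thread proposes.

```python
from typing import Callable, List, Optional, Tuple

# Values quoted in the thread; everything else here is an assumption of this example.
OUR_MX_HOSTS = {"yoursmtp.yourdomain.com"}
DENYLIST = {"gmail.com", "t-online.de", "gmx.de", "gmx.net", "outlook.com"}

MxAnswer = Optional[List[Tuple[int, str]]]  # (preference, host); None = no answer

def normalise(domain: str) -> str:
    """Lower-case, drop whitespace and the trailing root dot, IDNA-encode."""
    return domain.strip().rstrip(".").lower().encode("idna").decode("ascii")

def on_denylist(domain: str) -> bool:
    """True for a listed domain or any subdomain of one."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in DENYLIST for i in range(len(labels)))

def admit(domain: str, lookup_mx: Callable[[str], MxAnswer]) -> str:
    """Decide whether a customer domain may be added to local_domains.

    'deny'   : malformed or on the deny list, no DNS query is made
    'accept' : every lowest-preference MX is one of our hosts
    'manual' : MX points elsewhere or the lookup failed; needs a side channel
    """
    try:
        name = normalise(domain)
    except UnicodeError:
        return "deny"
    if "." not in name or on_denylist(name):
        return "deny"
    answer = lookup_mx(name)
    if not answer:  # timeout, SERVFAIL or no MX records: never treat as a pass
        return "manual"
    best = min(pref for pref, _ in answer)
    lowest = {host.rstrip(".").lower() for pref, host in answer if pref == best}
    return "accept" if lowest <= OUR_MX_HOSTS else "manual"

# Constructed answers standing in for a resolver that queries the
# authoritative servers directly (hypothetical domains).
SAMPLE_MX = {
    "customer-a.example": [(10, "yoursmtp.yourdomain.com."), (20, "mx2.other.example.")],
    "migrating.example": [(10, "mx.old-isp.example.")],
}

def sample_lookup(domain: str) -> MxAnswer:
    return SAMPLE_MX.get(domain)

if __name__ == "__main__":
    for d in ("Customer-A.example.", "mail.GMAIL.com", "migrating.example", "lost.example"):
        print(d, "->", admit(d, sample_lookup))
```

The 'manual' outcome is where a domain that is still hosted at the old ISP, or whose lookup got no answer, waits for an operator instead of being added or rejected automatically.
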
Re: [exim] lowest numbered MX record points to local host
Easiest is to use local_domains but have a verification step for the shared hosting, so your interface where user add their domain, will verify that the MX is pointed to your server before allowing the domain to be added to local_domains.

Eg, in the web interface where user add their domain, add something like (assuming dnslookup() is a function that takes a domain and record type and returns the first record):

if (dnslookup($user_domain, "MX") ne "yoursmtp.yourdomain.com") {
    # dnslookup() is the assumed helper described above, not a built-in
    print "To add this domain you first need to set up your MX to Point to us. We cannot add your domain without you first reconfiguring the MX, for obvious security reasons";
}

2018-02-14 9:59 GMT+01:00 Bambero via Exim-users:
> So what should I do to fix that? I can't use local_domains, because it's
> shared hosting, and users can add domains by hand.
> If someone will add domain 'gmail.com' exim will treat it as local domain.
>
> The only way is to check MX.
>
> Regards,
> Bambero
>
> On Wed, Feb 14, 2018 at 9:29 AM, Bambero wrote:
>
>> So what should I do to fix that? I can't use local_domains, because it's
>> shared hosting, and users can add domains by hand.
>> If someone will add domain 'gmail.com' exim will treat it as local domain.
>>
>> The only way is to check MX.
>>
>> Regards,
>> Bambero
>>
>> On Wed, Feb 14, 2018 at 8:04 AM, Sebastian Nielsen <
>> nielsen.sebast...@gmail.com> wrote:
>>
>>> Because exim4 by default disallows delivery to local host to prevent mail
>>> loops.
>>>
>>> When remote delivery fails, delivery will be attempted to a local user.
>>> That's why it doesn't fail with a valid user.
>>>
>>> The ! +local_domains skips this router for local users, so remote
>>> delivery isn't even attempted for local users.
>>>
>>>
>>> On 14 Feb 2018 02:48, "Bambero via Exim-users" <
>>> exim-users@exim.org> wrote:
>>>
>>> Hi,
>>>
>>> I have two routers:
>>>
>>> dnslookup:
>>>   driver = dnslookup
>>>   # domains = ! +local_domains # check mx for all domains
>>>   transport = remote_smtp
>>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>>   self = pass
>>>   no_more
>>>
>>> localuser:
>>>   driver = accept
>>>   condition = ${lookup sqlite {...}{yes}{no}}
>>>   transport = local_delivery
>>>   cannot_route_message = Unknown user
>>>
>>> Everything works fine, but if there is no user in my database I got error:
>>> "lowest numbered MX record points to local host"
>>>
>>> Instead of:
>>> "Unknown user"
>>>
>>> But when I change first router to defaults:
>>>
>>> dnslookup:
>>>   driver = dnslookup
>>>   domains = ! +local_domains
>>>   transport = remote_smtp
>>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>>   no_more
>>>
>>> The error is correct:
>>> "Unknown user"
>>>
>>> Can anyone explain, why?
>>>
>>> Regards,
>>> Bambero

Re: [exim] lowest numbered MX record points to local host
A simple solution may be to read the domainlist local_domains = from a flat file that needs to hold the names of the user defined domains, and keep BOTH routers in their original configuration.

On 14.02.2018 10:28, Cyborg via Exim-users wrote:
> On 14.02.2018 at 09:59, Bambero via Exim-users wrote:
>> So what should I do to fix that? I can't use local_domains, because it's
>> shared hosting, and users can add domains by hand.
>> If someone will add domain 'gmail.com' exim will treat it as local domain.
>>
>> The only way is to check MX.
>
> There is no easy solution to the problem.
>
> Local domains defines those domains, the server shall receive email for.
>
> You could add a rule to the check_rcpt acl, to see if IN MX of the domain
> points to your server. It's doable, but could be tricked also.
>
> Way easier is to blacklist domains you will never serve emails for, like gmail.com.
>
> domainlist local_domains = @ : localhost : localhost.localdomain : ${lookup mysql { SELECT domainname FROM .. WHERE ... AND DOMAIN NOT IN ( "gmail.com","t-online.de","gmx.de","gmx.net","outlook.com" ) }}
>
> You could also build an sql with a db defined blacklist, which would be
> easier to maintain.
>
> Hope that helped,
> Marius

Re: [exim] lowest numbered MX record points to local host
On 14.02.2018 at 09:59, Bambero via Exim-users wrote:
> So what should I do to fix that? I can't use local_domains, because it's
> shared hosting, and users can add domains by hand.
> If someone will add domain 'gmail.com' exim will treat it as local domain.
>
> The only way is to check MX.
>

There is no easy solution to the problem.

Local domains defines those domains, the server shall receive email for.

You could add a rule to the check_rcpt acl, to see if IN MX of the domain points to your server. It's doable, but could be tricked also.

Way easier is to blacklist domains you will never serve emails for, like gmail.com.

domainlist local_domains = @ : localhost : localhost.localdomain : ${lookup mysql { SELECT domainname FROM .. WHERE ... AND DOMAIN NOT IN ( "gmail.com","t-online.de","gmx.de","gmx.net","outlook.com" ) }}

You could also build an sql with a db defined blacklist, which would be easier to maintain.

Hope that helped,
Marius

Re: [exim] lowest numbered MX record points to local host
So what should I do to fix that? I can't use local_domains, because it's shared hosting, and users can add domains by hand.
If someone will add domain 'gmail.com' exim will treat it as local domain.

The only way is to check MX.

Regards,
Bambero

On Wed, Feb 14, 2018 at 9:29 AM, Bambero wrote:

> So what should I do to fix that? I can't use local_domains, because it's
> shared hosting, and users can add domains by hand.
> If someone will add domain 'gmail.com' exim will treat it as local domain.
>
> The only way is to check MX.
>
> Regards,
> Bambero
>
> On Wed, Feb 14, 2018 at 8:04 AM, Sebastian Nielsen <
> nielsen.sebast...@gmail.com> wrote:
>
>> Because exim4 by default disallows delivery to local host to prevent mail
>> loops.
>>
>> When remote delivery fails, delivery will be attempted to a local user.
>> That's why it doesn't fail with a valid user.
>>
>> The ! +local_domains skips this router for local users, so remote
>> delivery isn't even attempted for local users.
>>
>>
>> On 14 Feb 2018 02:48, "Bambero via Exim-users" <
>> exim-users@exim.org> wrote:
>>
>> Hi,
>>
>> I have two routers:
>>
>> dnslookup:
>>   driver = dnslookup
>>   # domains = ! +local_domains # check mx for all domains
>>   transport = remote_smtp
>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>   self = pass
>>   no_more
>>
>> localuser:
>>   driver = accept
>>   condition = ${lookup sqlite {...}{yes}{no}}
>>   transport = local_delivery
>>   cannot_route_message = Unknown user
>>
>> Everything works fine, but if there is no user in my database I got error:
>> "lowest numbered MX record points to local host"
>>
>> Instead of:
>> "Unknown user"
>>
>> But when I change first router to defaults:
>>
>> dnslookup:
>>   driver = dnslookup
>>   domains = ! +local_domains
>>   transport = remote_smtp
>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>   no_more
>>
>> The error is correct:
>> "Unknown user"
>>
>> Can anyone explain, why?
>>
>> Regards,
>> Bambero

Re: [exim] lowest numbered MX record points to local host
Because exim4 by default disallows delivery to local host to prevent mail loops.

When remote delivery fails, delivery will be attempted to a local user. That's why it doesn't fail with a valid user.

The ! +local_domains skips this router for local users, so remote delivery isn't even attempted for local users.

On 14 Feb 2018 02:48, "Bambero via Exim-users" wrote:

> Hi,
>
> I have two routers:
>
> dnslookup:
>   driver = dnslookup
>   # domains = ! +local_domains # check mx for all domains
>   transport = remote_smtp
>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>   self = pass
>   no_more
>
> localuser:
>   driver = accept
>   condition = ${lookup sqlite {...}{yes}{no}}
>   transport = local_delivery
>   cannot_route_message = Unknown user
>
> Everything works fine, but if there is no user in my database I got error:
> "lowest numbered MX record points to local host"
>
> Instead of:
> "Unknown user"
>
> But when I change first router to defaults:
>
> dnslookup:
>   driver = dnslookup
>   domains = ! +local_domains
>   transport = remote_smtp
>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>   no_more
>
> The error is correct:
> "Unknown user"
>
> Can anyone explain, why?
>
> Regards,
> Bambero

[exim] lowest numbered MX record points to local host
Hi,

I have two routers:

dnslookup:
  driver = dnslookup
  # domains = ! +local_domains # check mx for all domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  self = pass
  no_more

localuser:
  driver = accept
  condition = ${lookup sqlite {...}{yes}{no}}
  transport = local_delivery
  cannot_route_message = Unknown user

Everything works fine, but if there is no user in my database I got error:
"lowest numbered MX record points to local host"

Instead of:
"Unknown user"

But when I change first router to defaults:

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

The error is correct:
"Unknown user"

Can anyone explain, why?

Regards,
Bambero

[exim] lowest numbered MX record points to local host
I'm getting this error on EXIM 4.77 Centos 6.

lowest numbered MX record points to local host

Exim installation with YUM.

Shahid

Re: [exim] lowest numbered MX record points to local host
On 22/11/2012 13:25, Shahid Ashraf wrote:
> I'm getting this error on EXIM 4.77 Centos 6.
>
> lowest numbered MX record points to local host
>
> Exim installation with YUM.
>
> Shahid

Read the FAQ sections of the Exim docs.

http://wiki.exim.org/FAQ/Routing_to_remote_hosts/Q0301

then search for: "lowest numbered mx record points to local host exim" in Google.

you should have your answer in the first 3 results ;o)

hope this answers your question.

regards
Tom