Re: [exim] lowest numbered MX record points to local host

2018-02-16 Thread Hartmut Steffin via Exim-users

A simple solution may be to read the

domainlist local_domains =

from a flat file that needs to hold the names of the user defined domains.

On 14.02.2018 10:28, Cyborg via Exim-users wrote:
> On 14.02.2018 at 09:59, Bambero via Exim-users wrote:
>> So what should I do to fix that? I can't use local_domains, because it's
>> shared hosting, and users can add domains by hand.
>> If someone will add domain 'gmail.com' exim will treat it as local domain.
>>
>> The only way is to check MX.
>
> There is no easy solution to the problem. Local domains defines those
> domains, the server shall receive email for.
>
> You could add a rule to the check_rcpt acl, to see if IN MX of the
> domain points to your server. It's doable,
> but could be tricked also.
>
> Way easier is to blacklist domains, you will never serve emails for like
> gmail.com.
>
> domainlist local_domains = @ : localhost : localhost.localdomain :
> ${lookup mysql {  SELECT domainname FROM .. WHERE ... AND DOMAIN NOT IN
> ( "gmail.com","t-online.de","gmx.de","gmx.net","outlook.com"  ) }}
>
> You could also build an sql with a db defined blacklist, which would be
> easier to maintain.
>
> Hope that helped,
> Marius





-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


Re: [exim] lowest numbered MX record points to local host

2018-02-14 Thread Cyborg via Exim-users
On 14.02.2018 at 10:52, Sebastian Nielsen via Exim-users wrote:
> Easiest is to use local_domains but have a verification step for the
> shared hosting, so your interface where users add their domain will
> verify that the MX is pointed to your server before allowing the
> domain to be added to local_domains.

A good way, but you can't avoid hard lists of domain names not to add.

> if (dnslookup($user_domain, "MX") ne "yoursmtp.yourdomain.com") {
> print "To add this domain you first need to set up your MX to point to
> us. We cannot add your domain without you first reconfiguring the MX,
> for obvious security reasons.";
> }

If you want to rely on it, you need to use "dig +trace mx domainname"
(or a similar algorithm), which traces the answers from the root to the
authoritative DNS servers. If you use a cache, the process becomes
attackable: "DNS Cache Poisoning Attack"  :)

If that is possible, why do I still need to rely on a hardcoded list?

a) it's way faster
b) you can't tamper with it.
c) "famous" domain names, like ebay.*, will never be transferred to your
own small hosting company (without you knowing first). Therefore, why
rely on a time-consuming, tamperable process to find out something you
already know? And you have to take care of "not getting an answer
when you should have got one", aka packet loss with DNS queries.

And now last, but by far not least:

D) The need to add domains that are active on other servers, because
they want to switch from their OLD ISP to you as their NEW hosting
provider  :D
In the process of building a new web account, people tend to test
mail functionality, so it has to work, even if the MX is not set to your
server. And you have to cope with the fact that some domains only host
the website with you, but don't want to use your mail services. Which leads
to the ultimate hint: make localdomains dynamically alterable.

If you do an MX check, you can't add those domains to your system without
a side channel, and trust me, it's a day-by-day practice to switch ISPs.

So here's my advice:

take some time, make a list, integrate it into your hosting config tool
and deny what makes common sense in your market segment.


Funny side note:

We found a borderline syndrome in mariadb caused by our dynamic
localdomains query, which involved the antispam checks in place, which
resulted in a complex query the mariadb parser could not cope with if
limited to 1 result :D (unlimited results ok, but limit 1 => DOS
endless loop) (could be solved by an even more complex query ;) )

Marius
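
The checks discussed in this thread (a static denylist, an MX check that treats a failed lookup as a refusal, and an out-of-band approval for domains migrating from another ISP) combined in one onboarding function, as an added example that is not part of any list post. The function names, the injected resolver and the sample DNS data are constructed assumptions; a production resolver should query the authoritative servers rather than a shared cache.

```python
from typing import Callable, Iterable, List, Tuple

# Constructed sample policy; the names are the ones used as examples in the thread.
DENYLIST = {"gmail.com", "t-online.de", "gmx.de", "gmx.net", "outlook.com"}
OUR_MX_HOSTS = {"yoursmtp.yourdomain.com"}
MxRecords = List[Tuple[int, str]]  # (preference, exchange host)


def normalize(name: str) -> str:
    """Lower-case and strip whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()


def check_domain(domain: str, resolve_mx: Callable[[str], MxRecords],
                 migration_approved: Iterable[str] = ()) -> Tuple[bool, str]:
    """Decide whether a customer-supplied domain may be added to local_domains."""
    d = normalize(domain)
    # 1. Static denylist, no DNS involved; subdomains are refused too (added choice).
    if any(d == bad or d.endswith("." + bad) for bad in DENYLIST):
        return False, "denylisted"
    # 2. Side channel for ISP migrations: an operator approved it out of band.
    if d in {normalize(m) for m in migration_approved}:
        return True, "operator-approved migration"
    # 3. MX check. A failed lookup is a refusal, never a silent pass.
    try:
        records = resolve_mx(d)
    except Exception as exc:
        return False, f"MX lookup failed: {exc}"
    if not records:
        return False, "no MX records"
    lowest = min(pref for pref, _ in records)
    primary = {normalize(host) for pref, host in records if pref == lowest}
    if primary <= OUR_MX_HOSTS:
        return True, "lowest-preference MX points to us"
    return False, "MX points elsewhere"


# Constructed resolver data so the example runs offline.
FAKE_DNS = {
    "customer.example": [(10, "yoursmtp.yourdomain.com."), (20, "backup.example.")],
    "elsewhere.example": [(5, "mx.other-isp.example."), (10, "yoursmtp.yourdomain.com.")],
}


def fake_resolver(domain: str) -> MxRecords:
    """Stand-in for a real MX lookup; one name simulates lost DNS packets."""
    if domain == "timeout.example":
        raise TimeoutError("no answer from authoritative servers")
    return FAKE_DNS.get(domain, [])
```

The denylist is evaluated before the migration override, so an approval entry cannot be used to claim a listed domain.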




Re: [exim] lowest numbered MX record points to local host

2018-02-14 Thread Sebastian Nielsen via Exim-users
Easiest is to use local_domains but have a verification step for the
shared hosting, so your interface where users add their domain will
verify that the MX is pointed to your server before allowing the
domain to be added to local_domains.

E.g., in the web interface where users add their domain, add something
like (assuming dnslookup() is a function that takes a domain and
record type and returns the first record):

# Refuse the domain unless its first MX record already names our mail host.
if (dnslookup($user_domain, "MX") ne "yoursmtp.yourdomain.com") {
print "To add this domain you first need to set up your MX to point to
us. We cannot add your domain without you first reconfiguring the MX,
for obvious security reasons.";
}

2018-02-14 9:59 GMT+01:00 Bambero via Exim-users :
> So what should I do to fix that? I can't use local_domains, because it's
> shared hosting, and users can add domains by hand.
> If someone will add domain 'gmail.com' exim will treat it as local domain.
>
> The only way is to check MX.
>
> Regards,
> Bambero
>
> On Wed, Feb 14, 2018 at 9:29 AM, Bambero  wrote:
>
>> So what should I do to fix that? I can't use local_domains, because it's
>> shared hosting, and users can add domains by hand.
>> If someone will add domain 'gmail.com' exim will treat it as local domain.
>>
>> The only way is to check MX.
>>
>> Regards,
>> Bambero
>>
>> On Wed, Feb 14, 2018 at 8:04 AM, Sebastian Nielsen <
>> nielsen.sebast...@gmail.com> wrote:
>>
>>> Because exim4 by default disallows delivery to local host to prevent mail
>>> loops.
>>>
>>> When remote delivery fails, delivery will be attempted to a local user.
>>> That's why it doesn't fail with a valid user.
>>>
>>> The ! +local_domains skips this router for local users, so remote
>>> delivery isn't even attempted for local users.
>>>
>>>
>>> On 14 Feb 2018 02:48, "Bambero via Exim-users" <
>>> exim-users@exim.org> wrote:
>>>
>>> Hi,
>>>
>>> I have two routers:
>>>
>>> dnslookup:
>>>   driver = dnslookup
>>> #  domains = ! +local_domains # check mx for all domains
>>>   transport = remote_smtp
>>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>>   self = pass
>>>   no_more
>>>
>>> localuser:
>>>   driver = accept
>>>   condition = ${lookup sqlite {...}{yes}{no}}
>>>   transport = local_delivery
>>>   cannot_route_message = Unknown user
>>>
>>> Everything works fine, but if there is no user in my database I got error:
>>> "lowest numbered MX record points to local host"
>>>
>>> Instead of:
>>> "Unknown user"
>>>
>>> But when I change first router to defaults:
>>>
>>> dnslookup:
>>>   driver = dnslookup
>>>   domains = ! +local_domains
>>>   transport = remote_smtp
>>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>>   no_more
>>>
>>> The error is correct:
>>> "Unknown user"
>>>
>>> Can anyone explain, why?
>>>
>>> Regards,
>>> Bambero


Re: [exim] lowest numbered MX record points to local host

2018-02-14 Thread Hardy via Exim-users

A simple solution may be to read the

domainlist local_domains =

from a flat file that needs to hold the names of the user defined 
domains, and keep BOTH routers in their original configuration.


On 14.02.2018 10:28, Cyborg via Exim-users wrote:
> On 14.02.2018 at 09:59, Bambero via Exim-users wrote:
>> So what should I do to fix that? I can't use local_domains, because it's
>> shared hosting, and users can add domains by hand.
>> If someone will add domain 'gmail.com' exim will treat it as local domain.
>>
>> The only way is to check MX.
>
> There is no easy solution to the problem. Local domains defines those
> domains, the server shall receive email for.
>
> You could add a rule to the check_rcpt acl, to see if IN MX of the
> domain points to your server. It's doable,
> but could be tricked also.
>
> Way easier is to blacklist domains, you will never serve emails for like
> gmail.com.
>
> domainlist local_domains = @ : localhost : localhost.localdomain :
> ${lookup mysql {  SELECT domainname FROM .. WHERE ... AND DOMAIN NOT IN
> ( "gmail.com","t-online.de","gmx.de","gmx.net","outlook.com"  ) }}
>
> You could also build an sql with a db defined blacklist, which would be
> easier to maintain.
>
> Hope that helped,
> Marius





Re: [exim] lowest numbered MX record points to local host

2018-02-14 Thread Cyborg via Exim-users
On 14.02.2018 at 09:59, Bambero via Exim-users wrote:
> So what should I do to fix that? I can't use local_domains, because it's
> shared hosting, and users can add domains by hand.
> If someone will add domain 'gmail.com' exim will treat it as local domain.
>
> The only way is to check MX.
>

There is no easy solution to the problem. Local domains defines those
domains, the server shall receive email for.

You could add a rule to the check_rcpt acl, to see if IN MX of the
domain points to your server. It's doable,
but could be tricked also.

Way easier is to blacklist domains, you will never serve emails for like
gmail.com.

domainlist local_domains = @ : localhost : localhost.localdomain :
${lookup mysql {  SELECT domainname FROM .. WHERE ... AND DOMAIN NOT IN
( "gmail.com","t-online.de","gmx.de","gmx.net","outlook.com"  ) }}

You could also build an sql with a db defined blacklist, which would be
easier to maintain.

Hope that helped,
Marius



Re: [exim] lowest numbered MX record points to local host

2018-02-14 Thread Bambero via Exim-users
So what should I do to fix that? I can't use local_domains, because it's
shared hosting, and users can add domains by hand.
If someone will add domain 'gmail.com' exim will treat it as local domain.

The only way is to check MX.

Regards,
Bambero

On Wed, Feb 14, 2018 at 9:29 AM, Bambero  wrote:

> So what should I do to fix that? I can't use local_domains, because it's
> shared hosting, and users can add domains by hand.
> If someone will add domain 'gmail.com' exim will treat it as local domain.
>
> The only way is to check MX.
>
> Regards,
> Bambero
>
> On Wed, Feb 14, 2018 at 8:04 AM, Sebastian Nielsen <
> nielsen.sebast...@gmail.com> wrote:
>
>> Because exim4 by default disallows delivery to local host to prevent mail
>> loops.
>>
>> When remote delivery fails, delivery will be attempted to a local user.
>> That's why it doesn't fail with a valid user.
>>
>> The ! +local_domains skips this router for local users, so remote
>> delivery isn't even attempted for local users.
>>
>>
>> On 14 Feb 2018 02:48, "Bambero via Exim-users" <
>> exim-users@exim.org> wrote:
>>
>> Hi,
>>
>> I have two routers:
>>
>> dnslookup:
>>   driver = dnslookup
>> #  domains = ! +local_domains # check mx for all domains
>>   transport = remote_smtp
>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>   self = pass
>>   no_more
>>
>> localuser:
>>   driver = accept
>>   condition = ${lookup sqlite {...}{yes}{no}}
>>   transport = local_delivery
>>   cannot_route_message = Unknown user
>>
>> Everything works fine, but if there is no user in my database I got error:
>> "lowest numbered MX record points to local host"
>>
>> Instead of:
>> "Unknown user"
>>
>> But when I change first router to defaults:
>>
>> dnslookup:
>>   driver = dnslookup
>>   domains = ! +local_domains
>>   transport = remote_smtp
>>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>   no_more
>>
>> The error is correct:
>> "Unknown user"
>>
>> Can anyone explain, why?
>>
>> Regards,
>> Bambero


Re: [exim] lowest numbered MX record points to local host

2018-02-13 Thread Sebastian Nielsen via Exim-users
Because exim4 by default disallows delivery to local host to prevent mail
loops.

When remote delivery fails, delivery will be attempted to a local user.
That's why it doesn't fail with a valid user.

The ! +local_domains skips this router for local users, so remote delivery
isn't even attempted for local users.


On 14 Feb 2018 02:48, "Bambero via Exim-users" wrote:

> Hi,
>
> I have two routers:
>
> dnslookup:
>   driver = dnslookup
> #  domains = ! +local_domains # check mx for all domains
>   transport = remote_smtp
>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>   self = pass
>   no_more
>
> localuser:
>   driver = accept
>   condition = ${lookup sqlite {...}{yes}{no}}
>   transport = local_delivery
>   cannot_route_message = Unknown user
>
> Everything works fine, but if there is no user in my database I got error:
> "lowest numbered MX record points to local host"
>
> Instead of:
> "Unknown user"
>
> But when I change first router to defaults:
>
> dnslookup:
>   driver = dnslookup
>   domains = ! +local_domains
>   transport = remote_smtp
>   ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>   no_more
>
> The error is correct:
> "Unknown user"
>
> Can anyone explain, why?
>
> Regards,
> Bambero


[exim] lowest numbered MX record points to local host

2018-02-13 Thread Bambero via Exim-users
Hi,

I have two routers:

dnslookup:
  driver = dnslookup
#  domains = ! +local_domains # check mx for all domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  self = pass
  no_more

localuser:
  driver = accept
  condition = ${lookup sqlite {...}{yes}{no}}
  transport = local_delivery
  cannot_route_message = Unknown user

Everything works fine, but if there is no user in my database I got error:
"lowest numbered MX record points to local host"

Instead of:
"Unknown user"

But when I change first router to defaults:

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

The error is correct:
"Unknown user"

Can anyone explain, why?

Regards,
Bambero


[exim] lowest numbered MX record points to local host

2012-11-22 Thread Shahid Ashraf
I'm getting this error on EXIM 4.77 Centos 6.

lowest numbered MX record points to local host

Exim installation with YUM.


Shahid


Re: [exim] lowest numbered MX record points to local host

2012-11-22 Thread Tom Kinghorn

On 22/11/2012 13:25, Shahid Ashraf wrote:
> I'm getting this error on EXIM 4.77 Centos 6.
>
> lowest numbered MX record points to local host
>
> Exim installation with YUM.
>
> Shahid

Read the FAQ sections of the Exim docs.

http://wiki.exim.org/FAQ/Routing_to_remote_hosts/Q0301

then

search for: "lowest numbered mx record points to local host exim" in
Google.

you should have your answer in the first 3 results ;o)


hope this answers your question.

regards
Tom