help allowing specific domain to bypass reverse dns lookup in exim

[sivadc]

Just to preface, I'm not an expert in using exim by any means so I apologize in advance if I misstate something, or if this extremely easy to resolve. On to the problem!
I currently have exim set up to do reverse dns lookups for incoming email messages (as a way of reducing the amount of spam our customers receive). This is what I have in the ACL section of the exim configuration editor:

require verify = reverse_host_lookup
message = Your mail server IP address ($sender_host_address) has no reverse DNS PTR

In order to exempt domains that do not have reverse dns set up (but whose incoming mail needs to be accepted) I add them to my /etc/hosts file. There is one particular domain that I am having problems with though, I'll call it dumbdomain.com. The problem is as follows.

-dumbdomain.com has an mx record which points to mail.dumbdomain.com
-mail.dumbdomain.com resolves to 1.1.1.1
-1.1.1.1 reverses to dumbdomain.com
-dumbdomain.com resolves to 2.2.2.2

so whenever I receive an email from dumbdomain.com exim_mainlog shows the following error:

2005-04-01 16:35:55 H=(superior-0pmh5w.Supreme.loc) [1.1.1.1] F=<user@dumbdomain.com> rejected RCPT <user@mydomain.com>: host lookup failed (1.1.1.1 does not match any IP address for dumbdomain.com)

I understand why it's saying that, but I don't know how to get exim to accept the mail anyway besides actually turning reverse dns lookup off. Adding "1.1.1.1 mail.dumbdomain.com" to /etc/hosts doesn't do anything. I would greatly appreciate any help with this.

[chirpy]

You could try something like this instead (untested):

Code:

require verify = reverse_host_lookup
  message = Your mail server IP address ($sender_host_address) has no reverse DNS PTR
  !sender_domains = /etc/skiprdns

Then add dumbdomain.com to /etc/skiprdns

[sivadc]

Sounds simple enough, I'll try it and let you know how it goes. Thanks chirpy!

On a side note, is there any reason why they might have it set up that way? Their dns that is. . . Or are they just incompetent.

[chirpy]

It's a very common mistake unfortunately. Much of the responsibility, in my mind, rests with the NOCs which own the netblocks. They really should set an rDNS PTR record for all their IP addresses by default - many of the larger server providers do do this, thankfully.

[sivadc]

Hey chirpy, just wanted to let you know that, unfortunately, the modification didn't work. I tried listing both mail.dumbdomain.com and dumbdomain.com in the new /etc/skiprdns file but exim is still rejecting the email with the following response (i'll leave the real information so you can see for yourself):

2005-04-04 13:59:47 H=(superior-0pmh5w.Supreme.loc) [202.128.85.61] F=<user@guamsupremecourt.com> rejected RCPT <user@mydomain.com>: host lookup failed (202.128.85.61 does not match any IP address for guamsupremecourt.com)

202.128.85.61 reverses to guamsupremecourt.com but the domain does not resolve to that IP (it resolves to an IP belonging to ev1.net). mail.guamsupremecourt.com resolves to 202.128.85.61.
Any other suggestions besides calling the ISP to fix the rDNS on their nameservers (It takes forever for them to respond to anything)?

[chirpy]

OK, you could try on the IP address instead:

Code:

require verify = reverse_host_lookup
  message = Your mail server IP address ($sender_host_address) has no reverse DNS PTR
  !hosts = 202.128.85.61

If that also fails, I guess it's up to the senders server admin to sort it out

[sivadc]

Just tried it, didn't work. Guess I have to contact their admins. Thanks for the help though chirpy!

[chirpy]

Sorry that it didn't work.

[sivadc]

No need to be sorry . Spoke to the person who admins their dns servers and got him to fix the PTR record, so all is well. Turned out to be much less of a headache then I imagined it would be. Much easier than figuring out a workaround.