The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

help allowing specific domain to bypass reverse dns lookup in exim

Discussion in 'Bind / DNS / Nameserver Issues' started by sivadc, Apr 1, 2005.

  1. sivadc

    sivadc Active Member

    Joined:
    Dec 10, 2003
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    Just to preface, I'm not an expert in using exim by any means so I apologize in advance if I misstate something, or if this extremely easy to resolve. On to the problem!
    I currently have exim set up to do reverse dns lookups for incoming email messages (as a way of reducing the amount of spam our customers receive). This is what I have in the ACL section of the exim configuration editor:

    require verify = reverse_host_lookup
    message = Your mail server IP address ($sender_host_address) has no reverse DNS PTR


    In order to exempt domains that do not have reverse dns set up (but whose incoming mail needs to be accepted) I add them to my /etc/hosts file. There is one particular domain that I am having problems with though, I'll call it dumbdomain.com. The problem is as follows.

    -dumbdomain.com has an mx record which points to mail.dumbdomain.com
    -mail.dumbdomain.com resolves to 1.1.1.1
    -1.1.1.1 reverses to dumbdomain.com
    -dumbdomain.com resolves to 2.2.2.2


    so whenever I receive an email from dumbdomain.com exim_mainlog shows the following error:

    2005-04-01 16:35:55 H=(superior-0pmh5w.Supreme.loc) [1.1.1.1] F=<user@dumbdomain.com> rejected RCPT <user@mydomain.com>: host lookup failed (1.1.1.1 does not match any IP address for dumbdomain.com)

    I understand why it's saying that, but I don't know how to get exim to accept the mail anyway besides actually turning reverse dns lookup off. Adding "1.1.1.1 mail.dumbdomain.com" to /etc/hosts doesn't do anything. I would greatly appreciate any help with this.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You could try something like this instead (untested):

    Code:
    require verify = reverse_host_lookup
      message = Your mail server IP address ($sender_host_address) has no reverse DNS PTR
      !sender_domains = /etc/skiprdns
    Then add dumbdomain.com to /etc/skiprdns
     
    #2 chirpy, Apr 1, 2005
    Last edited: Apr 1, 2005
  3. sivadc

    sivadc Active Member

    Joined:
    Dec 10, 2003
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    Sounds simple enough, I'll try it and let you know how it goes. Thanks chirpy!

    On a side note, is there any reason why they might have it set up that way? Their dns that is. . . Or are they just incompetent.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It's a very common mistake unfortunately. Much of the responsibility, in my mind, rests with the NOCs which own the netblocks. They really should set an rDNS PTR record for all their IP addresses by default - many of the larger server providers do do this, thankfully.
     
  5. sivadc

    sivadc Active Member

    Joined:
    Dec 10, 2003
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    Hey chirpy, just wanted to let you know that, unfortunately, the modification didn't work. I tried listing both mail.dumbdomain.com and dumbdomain.com in the new /etc/skiprdns file but exim is still rejecting the email with the following response (i'll leave the real information so you can see for yourself):

    2005-04-04 13:59:47 H=(superior-0pmh5w.Supreme.loc) [202.128.85.61] F=<user@guamsupremecourt.com> rejected RCPT <user@mydomain.com>: host lookup failed (202.128.85.61 does not match any IP address for guamsupremecourt.com)

    202.128.85.61 reverses to guamsupremecourt.com but the domain does not resolve to that IP (it resolves to an IP belonging to ev1.net). mail.guamsupremecourt.com resolves to 202.128.85.61.
    Any other suggestions besides calling the ISP to fix the rDNS on their nameservers (It takes forever for them to respond to anything)?
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    OK, you could try on the IP address instead:
    Code:
    require verify = reverse_host_lookup
      message = Your mail server IP address ($sender_host_address) has no reverse DNS PTR
      !hosts = 202.128.85.61
    If that also fails, I guess it's up to the senders server admin to sort it out :)
     
  7. sivadc

    sivadc Active Member

    Joined:
    Dec 10, 2003
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    Just tried it, didn't work. Guess I have to contact their admins. Thanks for the help though chirpy!
     
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    :( Sorry that it didn't work.
     
  9. sivadc

    sivadc Active Member

    Joined:
    Dec 10, 2003
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    No need to be sorry :) . Spoke to the person who admins their dns servers and got him to fix the PTR record, so all is well. Turned out to be much less of a headache then I imagined it would be. Much easier than figuring out a workaround.
     
Loading...

Share This Page