Mailing List Archive

local_domains by dns
Hi,

the exim docs do not seem to cover the topic of "how to build" a
local_domains list; they only cover the topic of "what's the syntax of a
list".

My actual problem is to build the content of local_domains from DNS IN
MX records. The server shall only handle the domain as local
if the MX is pointing to an address on the host.

Has anyone done this?

Can it be achieved without perl script execution, which would be a
performance drop at least?


best regards,
Marius


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: local_domains by dns [ In reply to ]
On Thu, Aug 26, 2021 at 10:57:49AM +0200, Cyborg via Exim-users wrote:
> My actual problem is to build the content of local_domains from DNS IN MX
> Records. The server shall only handle the domain as local,
> if the mx is pointing to an address on the host.

If so, then anybody who points the MX record of a domain they control
(not your domain) at your server could send spam to you.
--
Eugene Berdnikov

Re: local_domains by dns [ In reply to ]
On 2021-08-26, Cyborg via Exim-users <exim-users@exim.org> wrote:
> Hi,
>
> the exim docs do not seem to cover the topic of "how to build" a
> local_domains list, they only cover the topic of "whats the syntax of a
> list".
>
> My actual problem is to build the content of local_domains from DNS IN
> MX Records. The server shall only handle the domain as local,
> if the mx is pointing to an address on the host.

Ok, if DNS has the answer, what do you need local_domains for?

> Has anyone done this?

No, because it's impossible, there is no DNS lookup that will find all
the domains that use any host as their MX.

> Can it be archived without perl script execution, which would be a
> performance drop at least?

There's probably a better solution to be had by using routers, something like:

begin routers

# Accept a domain here only if an MX for it points at this host. Every host
# matching ignore_target_hosts is dropped from the MX result; because the
# last list item is negated, any host NOT listed here is ignored, and the
# router declines when no target host is left.
i_the_mx:
  driver = dnslookup
  ignore_target_hosts = !<this_host_ip_address> : !<this_host_other_ip_address> : ...
  self = send
  # code here to check the mailbox part.

# Anything not routed above is a relay attempt: fail it unless the sender
# authenticated. (:fail: with allow_fail is a redirect-router feature.)
deny_external:
  driver = redirect
  condition = ${if eq{}{$authenticated_id}}
  allow_fail
  data = :fail: relay access denied

...

Then in the rcpt acl you just say

  require
    verify = recipient

--
Jasen.

Re: local_domains by dns [ In reply to ]
On 26.08.21 at 11:38, Evgeniy Berdnikov via Exim-users wrote:
> On Thu, Aug 26, 2021 at 10:57:49AM +0200, Cyborg via Exim-users wrote:
>> My actual problem is to build the content of local_domains from DNS IN MX
>> Records. The server shall only handle the domain as local,
>> if the mx is pointing to an address on the host.
> If so, then anybody making pointer to your server in MX record for
> controlled domain (not your domain) could send spam to you.

No... local_domains may say that it found a matching MX for the domain,
but there is no mailbox, forward or anything
configured for this domain => mailbox not found, goodbye spammer.

The reason the MX should decide this is the other users on the server.

Example:

You have domain foo.com and bar.com on the same server.

If you have both foo.com and bar.com in your local_domains,
a mail sent from foo.com to bar.com is internally accepted and delivered.

If, e.g., the bar.com owner changes the MX to another host, foo.com will still
deliver its mail to bar.com locally, as local_domains says so.

That's where the MX check comes in handy:

When the message comes in, local_domains may only contain the domain if the
MX returns a valid IP/CNAME.
If foo.com now sends a mail for bar.com and the MX does not point to the
server itself,
the message is handled as if it was never on the server, completely
ignoring the (old) local config for this domain.

This scenario is a real-life problem in multi-domain hosting. If you only
have a handful of domains, most of them your property or under your
admin control, you won't have it and will never have thought about it.
With thousands of domains and external admins just switching MX entries
as they like, it becomes a problem for all those on the server who send
mail to the switched domain. The users correctly assume that the server
will handle this situation.




Re: local_domains by dns [ In reply to ]
On Thu, Aug 26, 2021 at 2:35 PM Cyborg via Exim-users <exim-users@exim.org>
wrote:

> On 26.08.21 at 11:38, Evgeniy Berdnikov via Exim-users wrote:
> > On Thu, Aug 26, 2021 at 10:57:49AM +0200, Cyborg via Exim-users wrote:
> >> My actual problem is to build the content of local_domains from DNS IN MX
> >> records. The server shall only handle the domain as local
> >> if the MX is pointing to an address on the host.
> > If so, then anybody who points the MX record of a domain they control
> > (not your domain) at your server could send spam to you.
>
> No... local_domains may say that it found a matching MX for the domain,
> but there is no mailbox, forward or anything
> configured for this domain => mailbox not found, goodbye spammer.
>
> The reason the MX should decide this is the other users on the server.
>
> Example:
>
> You have domain foo.com and bar.com on the same server.
>
> If you have both foo.com and bar.com in your local_domains,
> a mail sent from foo.com to bar.com is internally accepted and delivered.
>
> If, e.g., the bar.com owner changes the MX to another host, foo.com will
> still deliver its mail to bar.com locally, as local_domains says so.
>
> That's where the MX check comes in handy:
>
> When the message comes in, local_domains may only contain the domain if the
> MX returns a valid IP/CNAME.
> If foo.com now sends a mail for bar.com and the MX does not point to the
> server itself,
> the message is handled as if it was never on the server, completely
> ignoring the (old) local config for this domain.
>
> This scenario is a real-life problem in multi-domain hosting. If you only
> have a handful of domains, most of them your property or under your
> admin control, you won't have it and will never have thought about it.
> With thousands of domains and external admins just switching MX entries
> as they like, it becomes a problem for all those on the server who send
> mail to the switched domain. The users correctly assume that the server
> will handle this situation.
>
>
>
That issue is not solved by pretending that these hosted domains are
"local_domains" domains, which only introduces a bunch of problems.

Additionally, it is better if the mail client facing SMTP server does not
deliver mail locally to domains it hosts, but instead always performs an MX
record lookup.

In other words, separate the roles of accepting incoming e-mail and sending
authenticated outgoing e-mail.

In both cases, you'll probably want to keep lists of all valid e-mail
addresses configured for the domain in question, so that you can reject
both outgoing and incoming e-mail with falsified addresses, or if e.g. an
account for joebob.example tries to send e-mail on behalf of
bobbybrown.example.
--
Jan
Re: local_domains by dns [ In reply to ]
On Thu, Aug 26, 2021 at 02:26:27PM +0200, Cyborg via Exim-users wrote:
> This scenario is a real-life problem in multi-domain hosting. If you only
> have a handful of domains, most of them your property or under your admin
> control, you won't have it and will never have thought about it. With
> thousands of domains and external admins just switching MX entries as they
> like,

If somebody changes the MX to another host, they should also think about how
to handle multiple mailboxes (hosted in the "old" place and in the "new" one),
and what to do with already stored mails.

> it becomes a problem for all those on the server who send mail to the
> switched domain. The users correctly assume that the server will handle
> this situation.

There is no such problem if locally submitted mails are always relayed
via a smarthost, even if they are addressed to local users. To obey your scheme,
the smarthost should use only MXes for routing.
--
Eugene Berdnikov

Re: local_domains by dns [ In reply to ]
On Thu, Aug 26, 2021 at 3:24 PM Evgeniy Berdnikov via Exim-users <
exim-users@exim.org> wrote:

>
> If somebody changes the MX to another host, they should also think about how
> to handle multiple mailboxes (hosted in the "old" place and in the "new" one),
> and what to do with already stored mails.
>

Yes, this is something the client/customer and host/provider ideally should
be discussing before a change.

But if a domain holder changes the domain's DNS records to indicate that
delivery should happen at a different MX, it is not, ordinarily, reasonable
for a provider to override that.

There may be contractual requirements to override it, of course, but in
general, overriding DNS leads to confusion and (for the users)
"disappearing" e-mail.


> There is no such problem if locally submitted mails are always relayed
> via a smarthost, even if they are addressed to local users. To obey your scheme,
> the smarthost should use only MXes for routing.
>
>
Ideally, all submitted e-mail should be routed on the basis of MX records
(or, in their absence, A records).

Additionally, you can (and in my humble opinion ought to) perform SPF and
DMARC policy lookups to determine whether your server is currently
authorized to send e-mail on behalf of the sending domain.
--
Jan
Re: local_domains by dns [ In reply to ]
On 26.08.21 at 15:35, Jan Ingvoldstad via Exim-users wrote:
> On Thu, Aug 26, 2021 at 3:24 PM Evgeniy Berdnikov via Exim-users <
> exim-users@exim.org> wrote:
>
>> If somebody changes the MX to another host, they should also think about how
>> to handle multiple mailboxes (hosted in the "old" place and in the "new" one),
>> and what to do with already stored mails.
>>
> Yes, this is something the client/customer and host/provider ideally should
> be discussing before a change.
Correct, but in reality, they don't think that far.

Quote: "We have changed mx, so your service needs to follow."

Best regards,
Marius
Re: local_domains by dns [ In reply to ]
On 26.08.21 at 15:35, Jan Ingvoldstad via Exim-users wrote:
>
> But if a domain holder changes the domain's DNS records to indicate that
> delivery should happen at a different MX, it is not, ordinarily, reasonable
> for a provider to override that.
>
>

Thanks for all the suggestions made; they were very helpful.

I found a way:

- new router (top position in router chain)
- for local_domains, check if they have an external MX
- check if mail comes from 127.0.0.1 OR has SMTP-AUTH
(- add checks for your relayhost configs)
- send to external MX, instead of processing locally.

... continue with normal routine ...

This covers all the requirements[we had]:

local keeps being local,
external mx get mails,
and external processors of any kind can send in mail after processing.
It does not generate loops.
(and if spammers try this host, antispam setup kicks in)

and it's already confirmed working. I could say it came to me in a
dream, but it was more one of those eureka moments, while writing a
mail about why it doesn't work :D

Unfortunately, this router needs some help from outside exim to
function, as exim can't do the necessary MX checks, as its logic is too
complicated and not implemented. You can use perl for it (live), or build
a domain list of any kind (periodic checks).

If anyone thinks this router setup has a loophole, feel free to discuss
it; everyone will profit from it.

best regards,
Marius


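The per-domain check that Marius's two posts above describe (is the preferred MX of a hosted domain this host, or has the domain moved its MX elsewhere?) is the part he leaves to "perl or a periodically built domain list". What follows is an added example of that periodic check in Python; it is not code from the thread, from Marius's setup or from Exim. It assumes an injectable resolver (here a constructed in-memory zone table using RFC 2606 `.example` names and documentation addresses, so it runs offline; a real deployment would query DNS, e.g. with dnspython) and a set of this host's own addresses. It also covers the edge cases a bulk-hosting admin hits that the posts do not spell out: CNAME MX targets (Marius's "valid ip/cname"), the implicit MX Jan mentions (no MX record, fall back to the domain's A/AAAA), the RFC 7505 null MX, IPv6 address normalisation, MX targets with no address, CNAME loops, and the case where this host is only a backup MX.

```python
"""Per-domain MX check for a multi-domain mail host (added example, not thread code).

For each hosted domain: resolve its MX records, resolve every MX target to
addresses, and report whether the preferred MX is this host. The DNS data is
a constructed in-memory table so the script runs offline.
"""
import ipaddress
from typing import Callable, Dict, List, Set, Tuple

# A resolver maps (owner name, record type) to a list of rdata strings; [] if none.
Resolver = Callable[[str, str], List[str]]


def canon(name: str) -> str:
    """Lowercase and drop the trailing dot so names compare reliably."""
    return name.strip().rstrip(".").lower()


def resolve_addresses(name: str, lookup: Resolver, max_cnames: int = 8) -> Set[str]:
    """Follow a bounded CNAME chain, then collect A and AAAA records.

    Addresses go through ipaddress so '2001:DB8:0:0:0:0:0:10' and
    '2001:db8::10' compare equal. A CNAME loop yields no addresses.
    """
    seen: Set[str] = set()
    for _ in range(max_cnames):
        if name in seen:
            return set()
        seen.add(name)
        cname = lookup(name, "CNAME")
        if not cname:
            break
        name = canon(cname[0])
    return {str(ipaddress.ip_address(r)) for t in ("A", "AAAA") for r in lookup(name, t)}


def parse_mx(records: List[str]) -> List[Tuple[int, str]]:
    """'10 mail.foo.example.' -> (10, 'mail.foo.example'), sorted by preference."""
    parsed = []
    for rdata in records:
        pref, target = rdata.split(None, 1)
        parsed.append((int(pref), canon(target)))
    return sorted(parsed)


def classify(domain: str, lookup: Resolver, local_ips: Set[str]) -> str:
    """Classify one domain relative to this host's addresses.

    local         the preferred MX resolves to one of this host's addresses
    backup        this host is an MX, but a better-preference MX exists elsewhere
    external      no MX of the domain resolves to this host
    nullmx        RFC 7505 null MX ('0 .'): the domain accepts no mail at all
    unresolvable  no MX target (or, without MX, the domain itself) has an address
    """
    local = {str(ipaddress.ip_address(ip)) for ip in local_ips}
    mx = parse_mx(lookup(canon(domain), "MX"))
    if mx == [(0, "")]:
        return "nullmx"
    if not mx:
        mx = [(0, canon(domain))]  # RFC 5321 implicit MX: the domain's own A/AAAA
    best_pref = mx[0][0]
    resolved_any = False
    for pref, target in mx:
        addrs = resolve_addresses(target, lookup)
        resolved_any = resolved_any or bool(addrs)
        if addrs & local:
            return "local" if pref == best_pref else "backup"
    return "external" if resolved_any else "unresolvable"


def build_lists(domains: List[str], lookup: Resolver, local_ips: Set[str]) -> Dict[str, List[str]]:
    """Group hosted domains by classification; each group is sorted for stable list files."""
    groups: Dict[str, List[str]] = {}
    for d in domains:
        groups.setdefault(classify(d, lookup, local_ips), []).append(canon(d))
    return {k: sorted(v) for k, v in groups.items()}


# Constructed zone data: RFC 2606 .example names, RFC 5737 / RFC 3849 addresses.
SAMPLE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("foo.example", "MX"): ["10 mail.foo.example."],
    ("mail.foo.example", "A"): ["192.0.2.10"],
    ("bar.example", "MX"): ["10 mx1.bar.example.", "20 mail.foo.example."],
    ("mx1.bar.example", "A"): ["198.51.100.7"],
    ("alias.example", "MX"): ["10 mx.alias.example."],
    ("mx.alias.example", "CNAME"): ["mail.foo.example."],
    ("moved.example", "MX"): ["5 mx.moved.example."],
    ("mx.moved.example", "A"): ["203.0.113.5"],
    ("implicit.example", "AAAA"): ["2001:DB8:0:0:0:0:0:10"],
    ("nomail.example", "MX"): ["0 ."],
    ("dangling.example", "MX"): ["10 mx.dangling.example."],
    ("loop.example", "MX"): ["10 a.loop.example."],
    ("a.loop.example", "CNAME"): ["b.loop.example."],
    ("b.loop.example", "CNAME"): ["a.loop.example."],
}
LOCAL_IPS = {"192.0.2.10", "2001:db8::10"}  # assumed addresses of this host
HOSTED = ["foo.example", "bar.example", "alias.example", "moved.example",
          "implicit.example", "nomail.example", "dangling.example", "loop.example"]


def table_resolver(name: str, rtype: str) -> List[str]:
    """Offline stand-in for a real DNS query, answering from SAMPLE_DNS."""
    return SAMPLE_DNS.get((canon(name), rtype), [])


if __name__ == "__main__":
    for kind, names in sorted(build_lists(HOSTED, table_resolver, LOCAL_IPS).items()):
        print(f"{kind:13s} {' '.join(names)}")
```

The `external` (and, depending on policy, `backup`) group written one domain per line is the "domain list of any kind" Marius refers to: an Exim domain-list item that starts with `/` is read from that file, so a dnslookup router placed first in the chain with `domains = /var/lib/exim/external-mx.list` (path assumed), a `condition` requiring `$authenticated_id` or a loopback `$sender_host_address`, and `transport = remote_smtp` matches the router shape he outlines. Two caveats: the list is only as fresh as the last run, so keep the interval short relative to how quickly customers expect an MX change to take effect, and handle the `unresolvable` and `nullmx` groups explicitly rather than silently leaving those domains local. Exim's dnslookup router can also make the same decision at routing time through its `self` option; the script above is the offline, periodic variant.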