Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3951
Views
0
Helpful
4
Replies

Sender Verify on MX Domain

kisanak_ironport
Level 1
Level 1

‎11-24-2006 09:17 AM

Does Ironport able to reject domain with invalid MX record? (or is it already on the feature list?)

Such as:

# host -t mx yahool.com
yahool.com mail is handled by 0 .

# host -t mx san-ying.com
san-ying.com mail is handled by 10 218.4.48.181.

# host -t mx guitarra.biz
guitarra.biz mail is handled by 0 64.202.167.73.

MTA that already implement this is Exim.

See: http://exim.org/exim-html-4.63/doc/html/spec_html/ch17.html

TIA

Labels:
0 Helpful
4 Replies 4

lucas.castro_ironport
Level 1
Level 1

‎11-24-2006 06:00 PM

What we usually do in HAT is to turn the "envelope sender DNS verification" on.

Ironport will try to determinate if the domain exists. And ironport will do it through dns queries at the domain in the sender.

0 Helpful

kisanak_ironport
Level 1
Level 1

‎11-24-2006 07:55 PM 

What we usually do in HAT is to turn the "envelope sender DNS verification" on.

Ironport will try to determinate if the domain exists. And ironport will do it through dns queries at the domain in the sender.


It is not just about if the domain exist or not.

What we'd like to achieve is to reject the messages if the domain exist but has invalid MX record entry (such as mx record that has 0, localhost, 127.0.0.1 or any numbers that is not valid for an mx record).

This is not covered by sender DNS verification.

0 Helpful

bfayne_ironport
Level 1
Level 1

‎11-27-2006 01:51 PM

You could use a filter to check the bogusmx.rfc-ignorant.org zone and bounce the message if the envelope sender matches.

See http://www.rfc-ignorant.org for more info.

0 Helpful

Donald Nash
Level 3
Level 3

‎11-30-2006 12:25 AM 

You could use a filter to check the bogusmx.rfc-ignorant.org zone and bounce the message if the envelope sender matches.

Unless I totally missed it in my search of the v4.7 documentation, AsyncOS only knows how to look up the IP address of the incoming SMTP client in DNSBLs. It doesn't know how to look up the domain name of the MAIL FROM address.

Personally, I wish they'd provide a way to implement these checks directly, rather than having to depend on an external DNSBL. It's not like AsyncOS can't figure it out on its own, since the rules are pretty deterministic. That said, being able to look up the MAIL FROM domain in a DNSBL could have other uses.

0 Helpful
Customers Also Viewed These Support Documents