Can I configure exim to accept mail on a server without an MX DNS record?
I'm trying to configure a domain that has never accepted mail from external sources to start. The server runs exim, which I've never used. I send a message to the domain using its ip, for example fred@123.456.789.012. exim logs:
Quote:
rejected RCPT : The mail server could not deliver mail to fred@123.456.789.012. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
Code:
dig mx 123.456.789.012
returns NXDOMAIN. fred gets and sends mail locally (sends it to remote too), is not in the blacklist. Why does the message get to exim if the MX domain doesn't exist? Secondly, since it gets to exim, is it possible to get exim to ignore the lack of a DNS entry for the domain and send fred the message? I don't want to change the DNS record.
Absolutely. And it might even work. Kinda.
Without an MX record no properly configured mail server will forward mail into your unregistered domain. If they wanted to there will be no way for an external mail server to know how to route traffic to that domain: that is what the MX record provides.
It can be useful on your local network running unsecured servers and clients, but that is risky if there is even a possibility of access from the internet.
BTW: the BIND record for the host does not change, but the MX record defines the mail server(s) for that mail domain for the rest of the world or network. In other words: it is not a change of a DNS record, it is an added record.
Quote:
Originally Posted by wpeckham
Without an MX record no properly configured mail server will forward mail into your unregistered domain.
Actually it does. The purpose of a DNS record is to translate domain.org to 123.456.789.012. If an SMTP client contacts 123.456.789.012 its SMTP server can accept the message. That's what happens on my server. Unfortunately it doesn't know how to route it internally.
Quote:
Originally Posted by wpeckham
If they wanted to there will be no way for an external mail server to know how to route traffic to that domain: that is what the MX record provides.
That's a sensible opinion but not necessarily what happens.
Quote:
Originally Posted by wpeckham
BTW: the BIND record for the host does not change, but the MX record defines the mail server(s) for that mail domain for the rest of the world or network. In other words: it is not a change of a DNS record, it is an added record.
Yes, but that's a change of my DNS records, which I don't want to do.
Quote:
Originally Posted by sandratom
Never checked it out, but I think it's possible!
Thanks for the encouragement! I queried the exim users mailing list and got some useful information. I needed to add accept_domain_literals to exim.conf, add the IP to localdomains and manualmx. Now when I test the address
Code:
exim -bt fred@123.456.789.012
I get
Quote:
LOG: MAIN
remote host address is the local host: 123.456.789.012 (while routing <fred@123.456.789.012>)
fred@123.456.789.012 cannot be resolved at this time: remote host address is the local host
but the log records:
Quote:
2021-11-21 21:38:13.188 [19312] H=mail-oo1-f53.google.com [209.85.161.53]:43916 I=[123.456.789.012]:25 X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<arthurbanana@gmail.com> temporarily rejected RCPT <fred@123.456.789.012>: host lookup for mylocaldomain.mydomain.org did not complete (DNS timeout?)
It knows the remote host address is the local host but can't resolve it. It knows 123.456.789.012 is the local host but can't route a message to a recipient on it. fred gets local mail all day. It apparently doesn't consult /etc/hosts.
Quote:
Actually it does. The purpose of a DNS record is to translate domain.org to 123.456.789.012. If an SMTP client contacts 123.456.789.012 its SMTP server can accept the message. That's what happens on my server. Unfortunately it doesn't know how to route it internally.
No argument, but note that I said
Quote:
Absolutely. And it might even work. Kinda.
Without an MX record no properly configured mail server will forward mail into your unregistered domain. If they wanted to there will be no way for an external mail server to know how to route traffic to that domain: that is what the MX record provides.
It can be useful on your local network running unsecured servers and clients, but that is risky if there is even a possibility of access from the internet.
I stand by that. Any of my mail servers would bork and refuse to transfer to or from an SMTP server that was unregistered. Without an MX record your server is externally unregistered as a mail domain. You CAN use it on your internal network, but any properly secured mail server (all of the big services like gmail, yahoo, aol, etc.) is likely to blackwall your server and domain.
If they did not, they would be supporting and encouraging email spam blasters. That was the way it was back in the 1990s, we got smarter since then.
To the point, yes, you can configure EXIM or any other MTA as a mail server and service an internal domain. Servicing external mail is more complicated, and for much of it an MX record will be required. You have to convince the security on remote email servers that you are a valid email server, that your security meets certain standards (no blind forwarding). Without a published mail domain that is freaky hard!
The local MTA part is easy without the rest.
How useful it is will depend upon what you want to accomplish.
Quote:
Originally Posted by wpeckham
you can configure EXIM or any other MTA as a mail server and service an internal domain. Servicing external mail is more complicated, and for much of it an MX record will be required. You have to convince the security on remote email servers that you are a valid email server, that your security meets certain standards (no blind forwarding). Without a published mail domain that is freaky hard!
I don't understand the security concern. EXIM knows the sender is valid. What difference will 123.456.789.012 having an MX record make? The message arrives, has an internally-valid recipient, but EXIM discards it because the target domain is also the local host - it would be easy to put it in fred's mail. fred gets messages every day. I'm not talking about securing external mail. BTW, EXIM sends mail from this fictional server to my gmail account without complaint.
Quote:
Originally Posted by wpeckham
What is it you want to accomplish?
A report arrives daily. fred (a fictional user who maintains spreadsheets) extracts data from this file and puts it into a spreadsheet. Right now fred polls the location that file is posted, but that happens later and at random times, so fred has to look all day. The person who wants this spreadsheet to be timely would rather that fred receive the report, update the spreadsheet sooner. In the good old days everything happened on this server. As we've grown larger and more sophisticated external mail is now handled by a Microsoft Outlook server (sigh!); this data server doesn't accept mail. For internal purposes it runs EXIM. I started this hoping it would be easy, still don't see why it can't be.
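Added example, not part of the thread or of any poster's configuration: a sketch of how a sending MTA picks its connection target under RFC 5321 (address literal, MX records, then fallback to the domain's address record), which is why a message can reach an SMTP listener that has no MX record. The `ZONE` table, host names and addresses are constructed from documentation ranges, and `delivery_targets` is a hypothetical helper.

```python
import ipaddress

# Constructed zone data standing in for real DNS answers (documentation ranges).
ZONE = {
    ("example.org", "MX"): [(20, "backup.example.org"), (10, "mail.example.org")],
    ("mail.example.org", "A"): ["192.0.2.10"],
    ("backup.example.org", "A"): ["192.0.2.11"],
    ("data.example.org", "A"): ["192.0.2.25"],    # host with no MX record
    ("nomail.example.org", "MX"): [(0, ".")],     # null MX (RFC 7505)
}


def lookup(name, rtype):
    """Return the constructed records for (name, rtype), or [] if none exist."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])


def delivery_targets(recipient):
    """Return (method, [ip, ...]) a sending MTA would try for this recipient."""
    domain = recipient.rsplit("@", 1)[1]

    # Address literal: the IP is part of the address, so DNS is never consulted.
    if domain.startswith("[") and domain.endswith("]"):
        literal = domain[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        return "literal", [str(ipaddress.ip_address(literal))]

    mx = sorted(lookup(domain, "MX"))          # lowest preference value first
    if len(mx) == 1 and mx[0][1] == ".":
        return "null-mx", []                   # domain declares it takes no mail
    if mx:
        return "mx", [ip for _, host in mx for ip in lookup(host, "A")]

    # No MX at all: the domain's own address record is used as an implicit MX.
    addrs = lookup(domain, "A")
    if addrs:
        return "implicit-mx", addrs
    return "unroutable", []


if __name__ == "__main__":
    for rcpt in ("fred@[192.0.2.25]", "fred@example.org",
                 "fred@data.example.org", "fred@missing.example.org"):
        print(rcpt, "->", delivery_targets(rcpt))
```

Whether the receiving server then accepts the recipient is a separate, local decision made by its own routing and ACL configuration.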