[Discuss] Exim sender_verify issue?

[Richard Pieri]

Peter Jalajas wrote:
> a) was only checking for A records, not MX records; and/or

You can't use MX records for sender verify. MX records don't necessarily
have IP addresses associated with them. For example:

  dig peorth.gweep.net any

There is no IP address associated with this host name. A reverse DNS
lookup on any host claiming to be peorth.gweep.net will fail. The
authoritative host name associated with the IP address does not match.

This seems like what you describe the friend doing: his MTA is
configured to say that it is a google.com host. It isn't any such thing,
and the reverse lookup on his IP address confirms it.

Your provider's system is doing precisely what it should: it rejects
mail from improperly configured, probably malicious sites.

> b) was not checking multiple nameservers.

I would need to see some mail logs and DNS traces before commenting on this.

-- 
Rich P.