domain admin reverse lookup

3spades

I was able to add a domain that I didn't own and wasn't pointing to my server. This will be a major pain if a client just decided to add let's say hotmail.com to their account. Is it possible to check the domain they're adding is pointing to the nameservers/ip of the server?
 
Think you will find this with any panel.... doing what you suggested simply annoys the average user, since they have to have the DNS changed *prior* to creating the account.. This obviously stops users from transferring and testing their site when moving - usually causing problems as well as downtime.

Chris
 
ProWebUK said:
Think you will find this with any panel.... doing what you suggested simply annoys the average user, since they have to have the DNS changed *prior* to creating the account.. This obviously stops users from transferring and testing their site when moving - usually causing problems as well as downtime.

Chris
Wouldn't it cause bigger problems if they decide to add hotmail.com and all email to hotmail.com users will be sent to the local domain and then clog the queue when they can't be delivered? I'm all for having my customers wait for domains to propagate and add than adding a domain they don't own causing problems.
 
A simple solution - create the account hotmail.com in DA (so it can't be created again) and remove everything related to that domain besides the directadmin data directory... I'm pretty sure that's the most DA *requires*...

Chris
 
Maybe it seems not important at first sight. But I think this can cause very serious problems.

Just imagine.
We are sending our mail through our server's SMTP.
One of the customers on that server (at NAC) adds the 'nac.net' domain to his account. Then he sets up a mail-forwarding script which saves a copy of each message and then resends the message to the _real_ nac.net MX (maybe via another SMTP). So we don't see any intervention in mail routing.
Some day, one of NAC's techs asks us for the root password, and ...
Yes, that user will catch that password!

This thing can happen with any domain! And one of the users can do such a thing to steal confidential information from another user on the same server!

So can you advise how to configure exim to check the recipient's MX record in preference to looking into the localdomains list?
 
Any automated hosting system works this way, and MUST work this way.

Frankly, I wouldn't use a hosting system that didn't allow a domain to be added before it resolved to the server.

Aside from everything else, it can't resolve to the server until after it's added, because its DNS isn't hosted anywhere.

Or are you recommending not letting it be added to the server unless the whois record shows the nameservers as being on the DA server? That wouldn't work either, because there's no reason for anyone to host DNS on your server; forcing them to do that just eliminates clients and causes customer support issues.

I certainly want to allow automatic signups on my DA servers. To do that I must provision the domain before it's pointed to my servers.

Yes, an unscrupulous customer could buy domain space on my box, set it up as hotmail.com, and then no one would be able to use my mailserver to send email to the real server.

The proper way to handle this is the way we do: do NOT support using your server for outgoing email. Tell your clients the only way they should be sending outgoing email is through their ISP's server.

I suppose you could create a script to check the domains directory and send you a warning email if, for example, for three days in a row, the domain didn't resolve to your server but was hosted there.

But that's as far as I'm willing to take it.

Jeff
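A sketch of the warning script suggested in the post above, as an added example that is not part of the original thread: it flags hosted domains whose mail hosts have not resolved to this server for three daily runs in a row, and separates "handled elsewhere" from "does not resolve". The domain list, addresses and DNS answers are constructed sample data; `live_mail_ips` assumes the dnspython package and is not used by the sample run.

```python
def live_mail_ips(domain):
    """Live lookup with dnspython (assumed installed); the sample run does not call it."""
    import dns.resolver
    misses = (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer)
    try:
        hosts = [r.exchange.to_text() for r in dns.resolver.resolve(domain, "MX")]
    except misses:
        hosts = [domain]                      # no MX: mail falls back to the A record
    ips = set()
    for host in hosts:
        try:
            ips.update(r.address for r in dns.resolver.resolve(host, "A"))
        except misses:
            pass
    return ips

def audit(domains, server_ips, lookup, streaks, limit=3):
    """Run once a day. `streaks` (domain -> consecutive misses) persists between runs.
    Returns {domain: reason} for domains off this server `limit` runs in a row."""
    warnings = {}
    for domain in domains:
        ips = lookup(domain)
        if ips & server_ips:
            streaks.pop(domain, None)         # mail reaches us: reset the streak
            continue
        streaks[domain] = streaks.get(domain, 0) + 1
        if streaks[domain] >= limit:
            warnings[domain] = "mail handled elsewhere" if ips else "does not resolve"
    return warnings

# Constructed sample data (documentation address ranges, made-up domains).
SERVER_IPS = {"192.0.2.10"}
HOSTED = ["client-a.example", "popular-mail.example", "new-signup.example"]
SAMPLE_DNS = {
    "client-a.example": {"192.0.2.10"},         # points at this server
    "popular-mail.example": {"198.51.100.25"},  # real MX is on another network
    "new-signup.example": set(),                # not delegated yet
}

def run_sample(days):
    """Replay `days` daily runs over the constructed data and return the last result."""
    streaks, result = {}, {}
    for _ in range(days):
        result = audit(HOSTED, SERVER_IPS, lambda d: SAMPLE_DNS.get(d, set()), streaks)
    return result

if __name__ == "__main__":
    print(run_sample(3))
```

In real use the hosted-domain list and the server's addresses would come from the panel's own data, and `streaks` would be saved to disk between cron runs.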
 
Restricting SMTP usage for customers is not a good solution, IMHO.
Some GPRS providers don't provide SMTP, some customers use several providers and don't want to switch between different SMTPs every time, some dialup providers are blacklisted on some mail servers. The possibility to use the hoster's SMTP is very useful in such cases.

(CPanel has a feature to make some checks of the domain configuration before it can be parked. Of course it causes some inconvenience, but anyway it's not a useless thing.)

But, as I said before, I think the best and simplest solution is MX-based mail-routing in preference to local delivery.
I just still don't know how to configure exim for that :(
 
ClayRabbit said:
Restricting SMTP usage for customers is not a good solution, IMHO.
We're not restricting it. We allow all our clients to use our SMTP servers.

Currently we offer both POP before SMTP and SMTP AUTH, but within the next few months we'll probably be eliminating POP before SMTP as an option.

What we don't do is support it, as I stated in my previous post.

The reason we don't support it is because we can't. Since most ISPs now no longer allow port 25 traffic off their networks except through their mailservers we can't possibly guarantee that it'll work.

(We do support ISPs not allowing port 25 traffic off their network except through their mailservers; when I ran dialup ISPs in the past I did the same; it's simply a matter of spam control; another case where the few make it hard to supply services to the many.)
Some GPRS providers don't provide SMTP, some customers use several providers and don't want to switch between different SMTPs every time, some dialup providers are blacklisted on some mail servers.
If your dialup provider is being blacklisted it'd behoove you to find out why; it's been my experience that an ISP is more likely to have traffic from its address space blocked if it doesn't block outgoing traffic on port 25 than if it does.
The possibility to use the hoster's SMTP is very useful in such cases.
All the above said, we do offer (as a separate product) outgoing SMTP through other ports (besides port 25) for clients who can't get email sent any other way.
(CPanel has a feature to make some checks of the domain configuration before it can be parked. Of course it causes some inconvenience, but anyway it's not a useless thing.)
I've never used CPanel, so I can't possibly comment on what it does or doesn't do. I do know that if we didn't allow parking before the domain showed up in nameservers advertised for them at the rootservers we wouldn't do any parking at all; our clients would never come back to set up later something they couldn't set up at the same time they order the domain.
But, as I said before, I think the best and simplest solution is MX-based mail-routing in preference to local delivery.
I just still don't know how to configure exim for that :(
Please explain what you mean by "MX-based mail-routing in preference to local delivery".

Exim is the most configurable smtp server I've ever seen (and I've been using email for at least 20 years); I'm sure I can tell you how to do what you need to do.

Jeff
 
Hello, Jeff

That problem is still actual for me :)
So it would still be nice if you could advise how to configure exim to deliver messages in such a way.

Example. Exim received a letter from local user with recipient [email protected]

Currently exim will search domain.com in localdomains and deliver message locally if it's found. If domain.com is not found in localdomains exim will try to find MX for that domain and deliver message to this host. Right?

I need exim to act in the opposite way:

First, try to find the MX for domain.com, and if it's found (and it's not the same server as localhost) - deliver the message to that host.
If the MX points to us (or is not found), check localdomains, and then, if domain.com is found there, deliver the message locally.
 
You could change the "routers" section of exim (the section beginning with the line "begin routers").

The problems I see are:

(1) exim will send messages a bit more slowly

(2) exim will have to refer to a list of all IP#s assigned to the server and check it for all IP#s. I'm not sure how to do that using exim.conf.

More help should be available from exim's author, from the exim list members and from other exim-users.

See Exim's site for more information and ideas.

Or hire someone (us?) to do it for you. We'd have a learning curve before we could do it, though; you might find someone on the exim-users list who can help you.

Jeff
 
I think I already suggested this a while ago, but I will suggest it again.

Maybe it's better to restrict users from adding domains. Just let resellers and admins add domains. A user that can add domains will do it. A reseller or admin will think twice before doing it I guess.
 
After reading the exim manual I found a very simple way to reconfigure routing the way I need it.

Replaced
Code:
lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  transport = remote_smtp
  no_more
with
Code:
lookuphost:
  driver = dnslookup
#  domains = ! +local_domains
  domains = ! $primary_hostname
  ignore_target_hosts = 127.0.0.0/8
  self = pass
  same_domain_copy_routing = true
  transport = remote_smtp
  no_more

Yes, exim will send messages to local addresses a bit more slowly, but there is no other way to prevent MX-independent delivery.

Yesterday I modified exim.conf on our servers. I didn't see any problems with the new configuration for a while.
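The routing order before and after the change posted above, as an added example that is not part of the original thread: a simplified Python model of the two `lookuphost` definitions, following Exim's documented rules that a failed `domains` precondition always passes the address on, that `no_more` stops routing when the router declines, and that `self = pass` overrides `no_more`. Hostnames, addresses and DNS answers are constructed; the model looks only at the lowest-preference mail host.

```python
LOCAL, REMOTE, FAIL = "local delivery", "remote_smtp", "unrouteable"

def later_routers(domain, local_domains):
    """Stand-in for the routers after lookuphost: they only handle hosted domains."""
    return LOCAL if domain in local_domains else FAIL

def route_original(domain, local_domains, dns):
    """domains = ! +local_domains: hosted domains never reach the DNS lookup."""
    if domain in local_domains:
        return later_routers(domain, local_domains)  # precondition fails, passed on
    return REMOTE if dns.get(domain) else FAIL       # declined + no_more

def route_modified(domain, local_domains, dns, primary_hostname, my_ips):
    """domains = ! $primary_hostname with self = pass: DNS is consulted first."""
    if domain == primary_hostname:
        return later_routers(domain, local_domains)  # precondition fails, passed on
    target = dns.get(domain)          # address of the lowest-preference MX (or A) host
    if target is None:
        return FAIL                   # router declines and no_more stops routing
    if target in my_ips:
        return later_routers(domain, local_domains)  # self = pass overrides no_more
    return REMOTE

# Constructed sample data (documentation address ranges, made-up domains).
PRIMARY = "server.host.example"
MY_IPS = {"192.0.2.10"}
LOCAL_DOMAINS = {PRIMARY, "client-a.example", "popular-mail.example", "new-signup.example"}
DNS = {
    PRIMARY: "192.0.2.10",
    "client-a.example": "192.0.2.10",         # hosted here, MX points here
    "popular-mail.example": "198.51.100.25",  # added by a customer, real MX elsewhere
    "elsewhere.example": "203.0.113.7",       # not hosted here
    # "new-signup.example" has no DNS records yet
}

def compare():
    """Return {domain: (original decision, modified decision)} for the sample domains."""
    names = sorted(LOCAL_DOMAINS | set(DNS))
    return {d: (route_original(d, LOCAL_DOMAINS, DNS),
                route_modified(d, LOCAL_DOMAINS, DNS, PRIMARY, MY_IPS)) for d in names}

if __name__ == "__main__":
    for name, decisions in compare().items():
        print(name, *decisions, sep=" | ")
```

In this model a hosted domain that does not yet resolve (`new-signup.example`) becomes unrouteable under the modified router, so mail to a freshly added domain is worth checking with Exim's address test mode (`exim -bt`) after making the change.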
 