Mailfromdnsverify, nomailfromdnsverify Channel Options

Verify that the domain on the MAIL FROM: line is in the DNS
Setting mailfromdnsverify on an incoming TCP/IP channel causes the MTA to verify that an entry in the DNS exists for the domain used on the SMTP MAIL FROM: command, and to reject the message if no such entry exists. nomailfromdnsverify is the default, and means that no such check is performed.

Note that performing DNS checks on the return address domain may result in rejecting some desired valid messages (for instance, from legitimate sites that simply have not yet registered their domain name, or at times of bad information in the DNS); it is contrary to the spirit of being generous in what you accept and getting the e-mail through, expressed in RFC 1123, Requirements for Internet Hosts. However, some sites may desire to perform such checks in cases where junk e-mail (SPAM) is being sent with forged e-mail addresses from nonexistent domains.

The introduction of DNS wildcard entries in the COM and ORG top level domains, which occurred in September 2003, severely limited the effectiveness of the mailfromdnsverify channel option. (The wildcards have subsequently been removed; however, such practices could resume at any time.) As of the 6.1 release of the Messaging Server MTA, the mailfromdnsverify code has been modified to address this. When the DNS returns one or more A records (which would normally be considered a "success" and the message would be allowed in), their values are compared against the domain literals specified by the blocked_mail_from_ips MTA option. If a match is found, then the domain is considered to be invalid.

With mailfromdnsverify on, as of Messaging Server 6.0 and later the MTA attempts an MX lookup on the domain of the MAIL FROM: command. As of MS 6.1 and later, if that MX lookup returns no data (no MX record exists) then the MTA moves on to attempting a  call. That is, a success at the MX record lookup stage allows the message in; errors other than simply no such MX record (e.g., a nameserver "server failed" error) at this MX record lookup stage will result in a temporary rejection with error 450 4.1.8 invalid/host-not-in-DNS return address not allowed, while (with MS 6.1 or later) a no such MX record found case moves onward to checking the result of a  call. (In iMS 5.2, only the  was attempted; no explicit MX record lookup was performed.)

When the MTA does a  call, if this DNS query results in an authoritative "host not found" response, then the message will be rejected with a permanent rejection 550 5.1.8 invalid/host-not-in-DNS return address not allowed error message. A no data response, as would occur for the case of a name which has only a CNAME record in the DNS, is considered a successful response; the message will be allowed in. Any other error responses from the DNS will result in a temporary error 450 4.1.8 invalid/host-not-in-DNS return address not allowed deferring the message: the MTA will not accept the message at the present time, but the sending side should try sending it again later (in case perhaps their DNS problem, whatever it was, gets fixed).

New in 8.0 is specialized handling for MX entries of the form:

    nomail  IN MX 0 .

Such entries are intended to be an indication that host "nomail" does not operate a mail server. Support has been added so that mailfromdnsverify will treat such hosts as not being a valid source of mail. (Additionally, attempts to send to such a host will fail immediately after the MX lookup instead of attempting any sort of A record lookup.)
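The lookup order described above (MX first, then the address lookup, then the wildcard comparison and the 8.0 null-MX case) can be modelled as a small decision function. This is an added example, not Messaging Server code: it performs no DNS queries, and the function name, the outcome strings and the use of plain IP strings for the blocked addresses are assumptions made for illustration.

```python
# Added illustration: models the decision order in the text above.
# It performs no DNS queries and is not Messaging Server code.
REPLY_450 = "450 4.1.8 invalid/host-not-in-DNS return address not allowed"
REPLY_550 = "550 5.1.8 invalid/host-not-in-DNS return address not allowed"


def verify_mail_from(mx, addr=("error", ()), blocked_ips=frozenset()):
    """Return (verdict, smtp_reply) for one MAIL FROM: domain.

    mx   = (outcome, [(preference, exchanger), ...])
           outcome is "records", "no_mx" or "error"
    addr = (outcome, [ip, ...]) for the follow-up address lookup
           outcome is "records", "no_data", "host_not_found" or "error"
    blocked_ips: plain IP strings standing in for the domain literals
           of blocked_mail_from_ips (assumed representation).
    smtp_reply is None where the page states no reply text.
    """
    mx_outcome, mx_records = mx
    if mx_outcome == "records":
        # 8.0: "IN MX 0 ." marks a host that runs no mail server.
        if any(pref == 0 and host == "." for pref, host in mx_records):
            return ("invalid", None)
        return ("accept", None)
    if mx_outcome != "no_mx":
        return ("tempfail", REPLY_450)   # e.g. nameserver "server failed"

    # 6.1 and later: no MX record, so the address lookup decides.
    addr_outcome, addresses = addr
    if addr_outcome == "host_not_found":
        return ("permfail", REPLY_550)   # authoritative answer
    if addr_outcome == "no_data":
        return ("accept", None)          # e.g. a name with only a CNAME
    if addr_outcome != "records":
        return ("tempfail", REPLY_450)
    if any(ip in blocked_ips for ip in addresses):
        return ("invalid", None)         # wildcard-style A record
    return ("accept", None)


# Constructed sample: 192.0.2.1 plays the part of a registry wildcard address.
WILDCARD = frozenset({"192.0.2.1"})
SAMPLES = {
    "real MX": verify_mail_from(("records", [(10, "mx.example.org")])),
    "null MX": verify_mail_from(("records", [(0, ".")])),
    "wildcard A": verify_mail_from(("no_mx", ()), ("records", ["192.0.2.1"]), WILDCARD),
    "NXDOMAIN": verify_mail_from(("no_mx", ()), ("host_not_found", ())),
}
```

The "invalid" verdict carries no reply text because the page does not state which SMTP reply is returned for the wildcard-match and null-MX cases.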

If the logging channel option has been enabled on an incoming channel, then rejections due to a mailfromdnsverify check on that channel will be logged to the  file as a "J" record.

See also:
 * TCPIP channels
 * logging Option
 * blocked_mail_from_ips MTA Option
 * return_envelope MTA Option
 * returnenvelope Option
 * error_text_mailfromdnsverify MTA Option
 * mx Option
 * error_text_null_mx MTA Option
 * SMTP and LMTP protocol channel options
 * TCPIP connections and DNS lookups channel options
 * Channel options