MX Verification Documentation

The MX verification mechanism is controlled by options set in the spasm configuration file: VerifyMX, VerifyMXExpire, VerifyMXExpireInterval, and VerifyMXMaxAttempts.

Setting the VerifyMXoption (path to the MX verification database) turns MX verification on. When a server sends an envelope sender address, spasm first searches the MX verification database for the hostname portion of the address.

• If an entry is found, its stored value determines whether to accept or reject the message.
• If no entry is found, spasm attempts to connect to the MX record[s] associated with the hostname, or the hostname directly. Up to VerifyMXMaxAttempts connection attempts are made. The timeout is 45 seconds. If a connection is successfully made, and the banner returns a 220 or 421 code, the envelope sender address is accepted. If not, it is rejected. The result is then stored in the database with an expire time set to the current time plus VerifyMXExpire.

Expired database entries are automatically removed at intervals defined by VerifyMXExpireInterval.

Unlike other callback verification mechanisms, spasm does not attempt to verify the full sender address. It only attempts to verify that a mail server responsible for the sender address's domain can be reached.