[Mimedefang] Domain canonifying and RFCs

Ernst du Plooy eduplooy at gmail.com
Thu Oct 20 03:12:01 EDT 2011


David F. Skoll wrote:
> You can use other rules to rewrite internal domains.  I think
> confDONT_EXPAND_CNAMES should be the default.

Kees Theunissen wrote:
>Notwithstanding the above, you probably shouldn't rewrite those
>addresses.

I agree.  We probably should not rewrite that domain.  To be honest it
is more a political issue where two top level managers from the two
companies are butting heads and pointing fingers at each other. The
external company's manager insists that they are RFC compliant and
they don't care if an estimate of around 30% of servers might rewrite
their sending domain - since they are RFC compliant and the other
companies are not. They reject e-mail that is sent to their real
domain - so they do lose e-mail.  In theory they are right, but in
practice I personally feel they should compensate. On our side the
manager does not want to change our config to not rewrite their
address since he believes they should modify their DNS to be "world
compatible".  In practice he is probably right, but again IMHO I
believe we should compensate.  I don't think the issue will get
resolved unless I get an RFC prohibiting their DNS setup, but I believe
that's fighting a losing battle.

Thanks for all the inputs from everyone.  It's appreciated.

As a last comment (and for interest's sake) the following issue is
raised by RFC 1034, but I don't think it is clear enough to force a
change on their DNS config.

While the use of CNAME RRs with MX records is implemented and
generates a working configuration it is theoretically not permitted
(RFC 1034 section 3.6.2) since it can result in lost names (if the
config is not correct).

Here is a technically invalid configuration.

domain.com          IN      MX  10  mail.domain.com.
mail.domain.com     IN      CNAME   server1.domain.com
server1.domain.com  IN      A       192.168.1.1

If I issue a query for the A RR of mail.domain.com the result will
return both the CNAME RR (mail.domain.com) and the A RR
(server1.domain.com).  When we however use the A RR
(server1.domain.com) the name associated with the CNAME will be lost,
that is, there is a valid MX record referencing the host
mail.domain.com and an A RR referencing server1.domain.com but nothing
joins the two records.

RFC 1034 states: "If a CNAME RR is present at a node, no other data
should be present; this ensures that the data for a canonical name and
its aliases cannot be different.". So we can modify the above
configuration to ensure we can join the CNAME and MX records as
follows:

domain.com          IN      MX  10  mail.domain.com.
server1.domain.com  IN      CNAME   mail.domain.com.
mail.domain.com     IN      A       192.168.1.1

The above configuration will work perfectly since a valid mapping of
the MX name to the A RR name is made.
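
Added example (not part of the original message): a small Python lint that flags an MX whose target is a CNAME alias, and a CNAME that shares its name with other data, run over the two record sets quoted above. The function names are hypothetical and every name is assumed to be fully qualified.

```python
# Added example: lint DNS records for MX targets that are CNAME aliases.
# FIRST and SECOND are constructed from the two record sets in the message.
# Assumption: all names are fully qualified, so a trailing dot is ignored.

FIRST = """
domain.com          IN  MX 10  mail.domain.com.
mail.domain.com     IN  CNAME  server1.domain.com
server1.domain.com  IN  A      192.168.1.1
"""

SECOND = """
domain.com          IN  MX 10  mail.domain.com.
server1.domain.com  IN  CNAME  mail.domain.com.
mail.domain.com     IN  A      192.168.1.1
"""

def parse(zone_text):
    """Parse 'owner IN TYPE rdata...' lines into (owner, type, target) tuples."""
    records = []
    for line in zone_text.strip().splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue  # skip anything that is not a simple IN record
        owner = fields[0].rstrip(".").lower()
        # The last field is the target (for MX it follows the preference).
        target = fields[-1].rstrip(".").lower()
        records.append((owner, fields[2].upper(), target))
    return records

def lint(zone_text):
    """Return a list of findings for the given record set."""
    records = parse(zone_text)
    cnames = {o: r for o, t, r in records if t == "CNAME"}
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    findings = []
    for owner, rtype, target in records:
        if rtype == "MX" and target in cnames:
            findings.append(f"MX for {owner} points at alias {target} "
                            f"(CNAME to {cnames[target]})")
        elif rtype == "MX" and target not in addressed:
            findings.append(f"MX target {target} has no address record here")
        elif rtype != "CNAME" and owner in cnames:
            findings.append(f"{owner} has a CNAME and other data ({rtype})")
    return findings

if __name__ == "__main__":
    for label, zone in (("first", FIRST), ("second", SECOND)):
        print(label, lint(zone) or "no findings")
```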


