[Mimedefang] Domain canonifying and RFCs
Joseph Brennan
brennan at columbia.edu
Sat Sep 24 22:36:22 EDT 2016
Marcus Schopen <lists at localguru.de> wrote:
>> P.S. I know the setting confDONT_EXPAND_CNAMES will disable this
>> behaviour, but I would prefer not to implement this. Also I cannot
>> modify the DNS records since it is an external DNS server.
>> They insist their DNS settings are RFC compliant.
>>
>> Their DNS records look like this:
>> c.domain.com IN A 1.1.1.1
>> a.b.domain.com. IN CNAME c.domain.com.
>> c.domain.com. IN MX 10 mail.domain2.com
>> c.domain.com. IN MX 20 mail2.domain2.com
>>
>> user at a.b.domain.com will be rewritten to user at c.domain.com

What harm results from this? The CNAME record defines that the canonical
name of a.b.domain.com is c.domain.com. The above structure looks compliant
to me too. I don't understand the question.

The address user at a.b.domain.com is undeliverable otherwise, since there is
no MX or A record for a.b.domain.com.

RFC 2821 says:

   Only resolvable, fully-qualified, domain names (FQDNs) are permitted
   when domain names are used in SMTP. In other words, names that can
   be resolved to MX RRs or A RRs (as discussed in section 5) are
   permitted, as are CNAME RRs whose targets can be resolved, in turn,
   to MX or A RRs.

So a CNAME is allowed if it can be resolved to an MX or A RR. The next
update, RFC 5321, says the same thing, adding IPv6 AAAA records:

   Only resolvable, fully-qualified domain names (FQDNs) are permitted
   when domain names are used in SMTP. In other words, names that can
   be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
   in Section 5) are permitted, as are CNAME RRs whose targets can be
   resolved, in turn, to MX or address RRs.

So the only reason a.b.domain.com can be used (successfully) in an address
is that it resolves to c.domain.com. It has to be rewritten.

Joseph Brennan
Columbia University
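
Added example, not part of the original message and not sendmail or MIMEDefang code: a small Python model of the resolvability rule quoted from RFC 5321, run against the records from the thread, showing why user at a.b.domain.com ends up as user at c.domain.com. The in-memory zone, the two failure-case names under .example, the hop limit and all function names are assumptions made for illustration.

```python
# Constructed zone: the thread's records plus two failure cases added here.
ZONE = {
    "c.domain.com": {"A": ["1.1.1.1"],
                     "MX": [(10, "mail.domain2.com"), (20, "mail2.domain2.com")]},
    "a.b.domain.com": {"CNAME": "c.domain.com"},
    "loop1.example": {"CNAME": "loop2.example"},
    "loop2.example": {"CNAME": "loop1.example"},
    "dangling.example": {"CNAME": "missing.example"},
}
MAX_CNAME_HOPS = 8  # assumed safety limit, not a value from the RFCs


def norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()


def resolve_mail_domain(domain, zone=ZONE):
    """Return (canonical_name, mail_hosts) or raise ValueError if unusable."""
    name, seen = norm(domain), set()
    while True:
        if name in seen or len(seen) >= MAX_CNAME_HOPS:
            raise ValueError(f"CNAME loop or overlong chain at {name}")
        seen.add(name)
        rrs = zone.get(name)
        if not rrs:
            raise ValueError(f"{name} does not resolve")
        if "CNAME" in rrs:            # alias: continue with its target
            name = norm(rrs["CNAME"])
        elif "MX" in rrs:             # lowest preference value is tried first
            return name, [norm(host) for _, host in sorted(rrs["MX"])]
        elif "A" in rrs or "AAAA" in rrs:
            return name, [name]       # no MX: the host itself (RFC 5321 section 5.1)
        else:
            raise ValueError(f"{name} has no MX or address records")


def canonify(address, zone=ZONE):
    """Rewrite user@alias to user@canonical-name, as described in the thread."""
    local, _, domain = address.rpartition("@")
    canon, _ = resolve_mail_domain(domain, zone)
    return f"{local}@{canon}"


if __name__ == "__main__":
    print(canonify("user@a.b.domain.com"))
    print(resolve_mail_domain("a.b.domain.com"))
```

A CNAME that loops or points at a name with no MX or address records fails the rule, so the address is rejected rather than rewritten.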