Re: [Exim] Domain literals: weighing up the arguments

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Exim User's Mailing List
Date:  
À: Exim User's Mailing List
Sujet: Re: [Exim] Domain literals: weighing up the arguments
[ On Friday, December 5, 2003 at 10:55:58 (+0000), Philip Hazel wrote: ]
> Subject: Re: [Exim] Domain literals: weighing up the arguments
>
> Just because a box has an IP address doesn't mean it should/must/will
> accept email. In the days when we had an IBM mainframe (a decade ago
> now) it had an IP address, but did not accept SMTP mail. It had an MX
> record that pointed to an intermediate box that passed on the mail by a
> non-TCP/IP route. It got boring trying explain to people that this was
> perfectly legitimate.


Sure, that's all well and good and I agree 100% up to this point.

However.... This issue of supporting literal IP addresses in e-mail
isn't about arbitrary IP reachable hosts. This is about SMTP servers
listening and accepting connections on the SMTP port for the purpose of
accepting normal e-mail.

There are innumerable cases where the only way to route mail to a given
_mail_ server is by its IP address, and one _must_not_ expect every need
to use bare IP addresses to be accompanied by the ability to use telnet
directly and "speak" SMTP.

Once upon a time this was in fact the only guaranteed sure way to get
through to a given _mail_ server when the DNS was all FUBAR, and one
would see almost daily recommendations to use such addressing forms on
the related Usenet newsgroups. These days the DNS is almost infinitely
more reliable, but that doesn't mean it's now infallible. The need to
support literal IP addresses in mail routing has not gone away.

While accepting mail to <postmaster> is all well and good (and required)
it does not alone fully satisfy the requirement of every mailer having a
valid working <postmaster> mailbox. One _must_ expect that any local
domain or any "local" IP literal might be appended to that mailbox
address. After all this is how almost every know SMTP mailer will
present the recipient address when it is told to route mail to
<postmaster@[N.N.N.N]> or <postmaster@???>.

I.e. if a proper SMTP mail server cannot accept mail to a mailbox
address using its own literal IP address, and specifically if it does
not accept mail to <postmaster@[N.N.N.N]> where "N.N.N.N" is the IP
address it listens for SMTP connections on, then that mail server is
plainly, and sadly, _broken_.

Note: it is _extremely_ trivial for any MTA using the BSD "sockets" API
to know whether or not the literal IP address used in an e-mail address
matches the local IP address it accepted the connection on, and while
there may be some sockets bugs which cause confusion on rare multi-homed
machines, this will not normally be a problem.

Similarly every proper SMTP mail server should attempt to the best of
its ability to accept mail to <postmaster@???> where
"host.domain" is _any_ host domain name which resolves to _any_ address
that server is accepting SMTP connections on. (Of course it's a heck of
a lot harder for a mail server to automatically discover every hostname
that might resolve to a local address, and I'm not suggesting the mailer
must always check the domain name it sees in every address to see if
that name resolves to a local address, but at least the postmaster
should be cognisant of the likely list of hostnames resolving to local
addresses and configure his mailer to accept all of those hostnames as
locally deliverable domains.)


> Moving on to today. I'm sending this message from cus.cam.ac.uk


It doesn't really matter at all where you're sending _from_, just as it
really doesn't matter whether a given domain name with an MX record also
has an A RR that ultimately points to a different IP address than the MX
target name points to.

What matters is that every proper SMTP server accept mail addressed
using that mail server's own IP address(es) or its own host domain
name(s), _especially_ to the "postmaster" local part!

> We have not accepted mail to IP literals for as long as I've been
> involved, which is now over 10 years. It does not seem to have done us
> any noticeable harm.


How the heck could anyone on the receiving end possibly ever measure how
much harm such a failure would cause?!?!?!? Unless you can identify
from your logs all of the attempts to use IP literals and you can guess
sufficiently accurately about which might have "legitimate", you have no
way of even guessing what level of harm or inconvenience you've caused!
Assuming that "silence is golden" can be fatal.

--
                        Greg A. Woods


+1 416 218-0098                  VE3TCP            RoboHack <woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird <woods@???>