On Mon, 15 May 2006, Miguel Saturnino wrote:
>
> > ... this will do what you want, except if there is a DNS configuration
> > problem, when it will defer. You may want your configuration to be robust
> > in the face of DNS problems.
>
> Thanks for your reply! What DNS problems might those be?

Inconsistent glue, broken nameserver - anything that might cause a
SERVFAIL. This should only cause problems for email to the broken domain,
so it's probably acceptable.

> I already have something somewhat similar to an audit script as I
> receive a notification every time someone adds or changes a domain name.
> The thing is that I don't really want to let an external domain be
> treated as local, not even for half an hour. Imagine someone changes
> their domain to Gmail.com and creates a catch-all address -- they would
> receive any message sent to a Gmail account from the server.

Hmm, yes, definitely worth avoiding!

> > I don't think you want to do this. It will cause strange effects if
> > someone points an MX record at your server without you adding the domain
> > to your local_domains list. Again, the problems are most likely to occur
> > with locally-submitted email, which bypasses the ACL check. Remember that
> > you have control over the local_domains list, whereas the DNS can contain
> > anything.
>
> What problems do you think this can cause?

Delivering email locally that shouldn't be, or that you aren't prepared
for - it depends on what the rest of the routers and transports do. This
might not be a problem if the configuration works in the right way.

Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}