Re: [exim-dev] Bug? Exim rewrites domain in response to CNAM…

Top Page
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] Bug? Exim rewrites domain in response to CNAME, in contradiction to what is written in Chapter 31
On Mon, Sep 09, 2013 at 09:00:01AM -0700, Todd Lyons wrote:

> > > nonesuch@www.bcidahofoundation.com
> > >    <-- nonesuch@???

>
> I think it's a terminology issue. It's not exim "rewriting" the email
> address. I believe a more technically correct phrase would be
> "normalizing". A domain is not supposed to have an MX record set to a
> CNAME.


You're mistaken. The illegal configuration is:

    example.com.      IN MX    0 mail.example.com.
    mail.example.com. IN CNAME smtp.example.com.
    smtp.example.com. IN A     192.0.2.1


However, the below (which is the OP's situation) is valid (since
April 2001, RFC 2821):

    example.com.      IN CNAME example.net.
    example.net.      IN MX 0 smtp.example.net.
    smtp.example.net. IN A     192.0.2.1


More than a decade ago (prior to RFC 2821), envelope recipient
addresses of the form localpart@??? (with example.com as
above) were expected to be canonicalized (normalized if you will)
to localpart@??? since RFC 821 requires primary names in
all contexts where domains are used. This was relaxed in RFC 2821
with the express purpose of allowing <user@???> in
MAIL FROM: and RCPT TO:.

MTAs are now expected to not automatically canonicalize the domain
part of envelope recipient addresses based on the presence of a
DNS CNAME alone. Of course explicit rewriting rules in the MTA
configuration can rewrite local addresses at will, and remote
addresses at their peril.

> Behavior when such an event occurs is undefined. Some MTA's
> merely fix the sending domain from the (invalid) CNAME to the
> (standards compliant) A record. I *know* sendmail does this as I'm a
> list owner on a mailing list machine which has this particular
> configuration. Read on for exim behavior in this scenario:


Sendmail (in best-practice and default configurations) no longer
automatically canonicalizes the domain part of envelope recipient
addresses. The same is true of Postfix.

> Yes it has been changed, but no it's not incorrect (IMHO).


Your opinion is contrary to long established standards.

-- 
    Viktor.