On Fri, Oct 25, 2013 at 02:27:25PM +0100, Jeremy Harris wrote:
> On 25/10/13 14:15, Jasen Betts wrote:
> >The domain names will all be CNAME to a known domain name and the MX
> >on that domain points
>
> Are you sure this part is legitimate DNS configuration?
It is definitely legitimate:
http://tools.ietf.org/html/rfc5321#section-5.1
However accepting mail for all domain names aliased to a given name
or resolving to a given IP address is not necessarily wise.
Anyone can create an alias, or point their domain's MX records at
the IP address in question. It is generally better to accept mail
only for an explicitly configured list of domains.
If arbitrary domains are accepted, recipient validation must happen
early. Do not accept then bounce.
--
Viktor.
