From: sthaug@nethelp.no
To: brian@Awfulhak.org
Cc: jon@caamora.com.au, domi@saargate.de, freebsd-isp@FreeBSD.ORG
Subject: Re: Sendmail: Receive mails for every subdomain
In-Reply-To: Your message of "Thu, 23 Sep 1999 06:39:02 +0100"
References: <199909230539.GAA11979@keep.lan.Awfulhak.org>
Date: Thu, 23 Sep 1999 08:28:27 +0200
Message-ID: <13078.938068107@verdi.nethelp.no>

> > > Should be... if your MX is (say) mx.domain.com try something like
> > >
> > >   .domain.com    smtp:[mx.domain.com]
> > >
> > > in your mailer table and
> > >
> > >   *.domain.com.    IN MX 0 mx.domain.com.
> > >
> > > in your DNS. See src/contrib/sendmail/cf/README for details.
> >
> > i've been wondering about this sort of entry in the dns table
> > for some time. i've asked several people about the possibilities
> > and have been told that this particular habit is frowned upon
> > and should be avoided.
...
> Heh, well I'm certainly the last person to invite to this sort of
> argument :-] I've read the first 200 pages of the second edition
> O'Reilly Sendmail book and the rest of my knowledge in this area
> comes from trying things out and making things up :*)
>
> I don't see that wildcard MXs are really evil. The argument is
> probably that people shouldn't be sending to arbitrary machines
> unless your outgoing mail is misconfigured (dodgy from address).

No. Wildcard MXs really are evil, because they *don't work the way
you expect*.

  *.domain.com.    IN MX 0 mx.domain.com.

will only be used if there is *no* other information available about
a specific name. So if xyzzy.domain.com exists (has an A, CNAME or
anything else), the wildcard MX won't be used.

Below is the comp.protocols.tcp-ip.domains FAQ entry about wildcard MXs.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
----------------------------------------------------------------------

Question 5.9. wildcard MX records

Date: Sun Nov 27 23:32:41 EST 1994

Does BIND not understand wildcard MX records such as the following?

  *.foo.com    MX 0 mail.foo.com.

No. It just doesn't work.

Explicit RR's at one level of specificity will, by design, "block" a
wildcard at a lesser level of specificity. I suspect that you have an
RR (an A RR, perhaps?) for "bar.foo.com" which is blocking the
application of your "*.foo.com" wildcard. The initial MX query is thus
failing (NOERROR but an answer count of 0), and the backup query finds
the A RR for "bar.foo.com" and uses it to deliver the mail directly
(which is what you DIDN'T want it to do). Adding an explicit MX RR for
the host is therefore the right way to handle this situation.

See RFC 1034, Section 4.3.3 ("Wildcards") for more information on this
"blocking" behavior, along with an illustrative example. See also RFC
974 for an explanation of standard mailer behavior in the face of an
"empty" response to one's MX query.

Basically, what it boils down to is, there is no point in trying to
use a wildcard MX for a host which is otherwise listed in the DNS. It
just doesn't work.
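
Added example, not part of the original message or the FAQ: a small Python model of the RFC 1034 section 4.3.3 wildcard rule and the RFC 974 empty-MX fallback described above, showing mail for bar.foo.com going to its A record until an explicit MX is added. The zone contents, the 192.0.2.x addresses and all function names are constructed for illustration.

```python
# Constructed zone for foo.com; names and 192.0.2.x addresses are illustrative.
ZONE = {
    "foo.com":      {"MX": ["0 mail.foo.com."]},
    "*.foo.com":    {"MX": ["0 mail.foo.com."]},
    "mail.foo.com": {"A": ["192.0.2.25"]},
    "bar.foo.com":  {"A": ["192.0.2.10"]},  # explicit RR that blocks the wildcard
}

def name_exists(zone, name):
    """True if the name owns RRs or is an ancestor of a name that does."""
    return any(o == name or o.endswith("." + name) for o in zone)

def lookup(zone, qname, qtype):
    """Return (rcode, answers) using the RFC 1034 section 4.3.3 wildcard rule."""
    qname = qname.rstrip(".").lower()
    if name_exists(zone, qname):
        # The name exists, so no wildcard is consulted even if qtype is absent.
        return "NOERROR", zone.get(qname, {}).get(qtype, [])
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if name_exists(zone, encloser):
            # Only a wildcard directly under the closest existing ancestor applies.
            star = zone.get("*." + encloser)
            if star is None:
                return "NXDOMAIN", []
            return "NOERROR", star.get(qtype, [])
    return "NXDOMAIN", []

def mail_target(zone, domain):
    """RFC 974: use the best MX; on an empty MX answer, deliver to the host itself."""
    _, mx = lookup(zone, domain, "MX")
    if mx:
        best = min(mx, key=lambda rr: int(rr.split()[0]))
        return "MX " + best.split()[1]
    _, addr = lookup(zone, domain, "A")
    return "A " + addr[0] if addr else "undeliverable"

def with_explicit_mx(zone, host, mx_rr):
    """Return a copy of the zone with an explicit MX RR added for host."""
    fixed = {owner: dict(rrs) for owner, rrs in zone.items()}
    fixed.setdefault(host, {})["MX"] = [mx_rr]
    return fixed

if __name__ == "__main__":
    for host in ("nosuch.foo.com", "bar.foo.com"):
        print(host, lookup(ZONE, host, "MX"), "->", mail_target(ZONE, host))
    fixed = with_explicit_mx(ZONE, "bar.foo.com", "0 mail.foo.com.")
    print("bar.foo.com after fix ->", mail_target(fixed, "bar.foo.com"))
```

When auditing a real zone, the same check amounts to listing every name under the wildcard that owns any record but no MX of its own.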