Date:      Thu, 23 Sep 1999 08:28:27 +0200
From:      sthaug@nethelp.no
To:        brian@Awfulhak.org
Cc:        jon@caamora.com.au, domi@saargate.de, freebsd-isp@FreeBSD.ORG
Subject:   Re: Sendmail: Receive mails for every subdomain 
Message-ID:  <13078.938068107@verdi.nethelp.no>
In-Reply-To: Your message of "Thu, 23 Sep 1999 06:39:02 +0100"
References:  <199909230539.GAA11979@keep.lan.Awfulhak.org>

> > > Should be... if your MX is (say) mx.domain.com try something like
> > > 
> > > .domain.com smtp:[mx.domain.com]
> > > 
> > > in your mailer table and
> > > 
> > > *.domain.com. IN MX 0 mx.domain.com.
> > > 
> > > in your DNS.  See src/contrib/sendmail/cf/README for details.
> > 
> > i've been wondering about this sort of entry in the dns table 
> > for some time. i've asked several people about the possibilities 
> > and have been told that this particular habit is frowned upon 
> > and should be avoided.
...
> Heh, well I'm certainly the last person to invite to this sort of 
> argument :-]  I've read the first 200 pages of the second edition 
> O'Reilly Sendmail book and the rest of my knowledge in this area 
> comes from trying things out and making things up :*)
> 
> I don't see that wildcard MXs are really evil.  The argument is 
> probably that people shouldn't be sending to arbitrary machines 
> unless your outgoing mail is misconfigured (dodgy from address).

No. Wildcard MXs really are evil, because they *don't work the way
you expect*.

*.domain.com. IN MX 0 mx.domain.com.

will only be used if there is *no* other information available about
a specific name. So if xyzzy.domain.com exists (has an A, CNAME or
anything else), the wildcard MX won't be used.

Below is the comp.protocols.tcp-ip.domains FAQ entry about wildcard
MXs.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
----------------------------------------------------------------------
Question 5.9.  wildcard MX records

Date: Sun Nov 27 23:32:41 EST 1994

Does BIND not understand wildcard MX records such as the following?

     *.foo.com       MX      0       mail.foo.com.

No. It just doesn't work.

Explicit RR's at one level of specificity will, by design, "block" a
wildcard at a lesser level of specificity. I suspect that you have an RR
(an A RR, perhaps?) for "bar.foo.com" which is blocking the application of
your "*.foo.com" wildcard. The initial MX query is thus failing (NOERROR
but an answer count of 0), and the backup query finds the A RR for
"bar.foo.com" and uses it to deliver the mail directly (which is what you
DIDN'T want it to do).  Adding an explicit MX RR for the host is therefore
the right way to handle this situation.

See RFC 1034, Section 4.3.3 ("Wildcards") for more information on this
"blocking" behavior, along with an illustrative example. See also RFC 974
for an explanation of standard mailer behavior in the face of an "empty"
response to one's MX query.

Basically, what it boils down to is, there is no point in trying to use a
wildcard MX for a host which is otherwise listed in the DNS.

It just doesn't work.
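
The blocking behaviour described in the FAQ entry above, as an added example (not part of the original message or the FAQ): a simplified Python model of the RFC 1034 wildcard rule and the RFC 974 A-record fallback, plus a small audit for names the wildcard will not cover. The zone contents, addresses and function names are constructed for illustration.

```python
# Added illustration: simplified model of RFC 1034 4.3.3 wildcard lookup plus
# the RFC 974 "no MX -> use the A record" fallback. Zone data is constructed.
ZONE = {
    "foo.com":      {"MX": [(0, "mail.foo.com")]},
    "*.foo.com":    {"MX": [(0, "mail.foo.com")]},
    "mail.foo.com": {"A": ["192.0.2.25"]},
    "bar.foo.com":  {"A": ["192.0.2.10"]},   # explicit RR that blocks the wildcard
}

def name_exists(zone, name):
    """A name exists if it owns any RR or is an ancestor of an owner name."""
    return any(o == name or o.endswith("." + name) for o in zone)

def query(zone, name, rtype):
    """Return (rrset, source); source is 'exact', 'wildcard' or 'none'."""
    name = name.lower().rstrip(".")
    if name_exists(zone, name):
        # Name exists: the wildcard never applies, even if this type is absent
        # (NOERROR with an answer count of 0).
        return zone.get(name, {}).get(rtype, []), "exact"
    labels = name.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if name_exists(zone, encloser):
            # Only the wildcard directly under the closest existing ancestor counts.
            rrset = zone.get("*." + encloser, {}).get(rtype, [])
            return rrset, "wildcard" if rrset else "none"
    return [], "none"

def mail_target(zone, domain):
    """Where a standard mailer delivers mail for user@domain."""
    mx, source = query(zone, domain, "MX")
    if mx:
        return min(mx)[1], "MX/" + source   # lowest preference wins
    a, _ = query(zone, domain, "A")
    return (domain, "A-fallback") if a else (None, "undeliverable")

def blocked_hosts(zone):
    """Audit: names with an A record but no MX, which a wildcard MX will not cover."""
    return sorted(n for n, rr in zone.items()
                  if not n.startswith("*.") and "A" in rr and "MX" not in rr)

if __name__ == "__main__":
    for d in ("nosuch.foo.com", "bar.foo.com", "a.bar.foo.com"):
        print(d, "->", mail_target(ZONE, d))
    print("needs explicit MX:", blocked_hosts(ZONE))
```

Every name returned by `blocked_hosts` receives mail directly at its own address, so it bypasses whatever filtering or relaying the central MX host performs until it gets an explicit MX RR.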


