On Wed, Sep 10, 2025 at 11:52:03AM +0200, Matus UHLAR - fantomas via
Postfix-users wrote:
> On 08.09.25 18:37, John, Chris via Postfix-users wrote:
> > I have a postfix 3.5.2 system that accepts messages from internal hosts
> > and relays to internal destinations and to an email perimeter that
> > delivers to external (Internet) domains.
> >
> > The issue I'm seeing is regarding external domains that do not follow
> > DNS best practices and have CNAME records published for the same domain
> > that their MX records are published for.
>
> This is not about following best practices. This is clearly violation of DNS

No, not a violation of DNS, rather such a rewrite is a violation of
RFC2321 (and its successors: 5321, 5321bis[1]) which changed the
semantics of CNAME-valued address domain parts from RFC821.

RFC821, Section 3.7 "Domains" reads in part:

    Whenever domain names are used in SMTP only the official names are
    used, the use of nicknames or aliases is not allowed.

Whereas RFC2821, Section 3.6 "Domains" reads in part:

    https://www.rfc-editor.org/rfc/rfc2821#section-3.6

    Only resolvable, fully-qualified, domain names (FQDNs) are permitted
    when domain names are used in SMTP. In other words, names that can
    be resolved to MX RRs or A RRs (as discussed in section 5) are
    permitted, as are CNAME RRs whose targets can be resolved, in turn,
    to MX or A RRs. Local nicknames or unqualified names MUST NOT be
    used.

The distinction being that <[email protected]> was therefore permitted.

Sufficiently ancient Sendmail configurations defaulted to "canonifying"
the recipient domain. I had a vague recollection the syntax was
something like $[ ... ]. Which was almost correct, a quick search turns
up:

    https://www.sendmail.org/~ca/email/doc8.12/cf/m4/features.html

    nocanonify  Don't pass addresses to $[ ... $] for canonification by
                default, i.e., host/domain names are considered canonical,
                except for unqualified names, which must not be used in this
                mode (violation of the standard).

A properly configured Sendmail system should not "canonify", but it
seems that some still do.

--
Viktor. 🇺🇦 Слава Україні!

[1] https://datatracker.ietf.org/doc/html/draft-ietf-emailcore-rfc5321bis-44
    This will soon be published as a "full internet standard" (STDnnnn),
    rather than "merely" a "proposed standard" as with most standards-track
    RFCs. It took only ~50 years for SMTP to be "standardised". :-)
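
An added illustration of the distinction drawn in the message above (not part of the original post, and not Postfix or Sendmail code): a CNAME-valued recipient domain is followed only to find where to deliver, while the envelope address stays as given, next to the "canonify" behaviour that rewrites it. The zone data, the example domain names, the hop limit and the function names are all constructed for this sketch.

```python
# Constructed zone data; every name and address below is a placeholder.
ZONE = {
    ("alias.example", "CNAME"): ["mail-domain.example"],
    ("mail-domain.example", "MX"): [(10, "mx1.mail-domain.example")],
    ("mx1.mail-domain.example", "A"): ["192.0.2.25"],
    ("hostonly.example", "A"): ["192.0.2.80"],
    ("loop-a.example", "CNAME"): ["loop-b.example"],
    ("loop-b.example", "CNAME"): ["loop-a.example"],
}

MAX_CNAME_HOPS = 8  # assumption: arbitrary bound so alias loops terminate


def next_hops(domain):
    """Return delivery hosts for domain: follow CNAMEs, then MX, else A."""
    name = domain.lower().rstrip(".")
    for _ in range(MAX_CNAME_HOPS):
        target = ZONE.get((name, "CNAME"))
        if not target:
            break
        name = target[0]
    else:
        raise LookupError(f"CNAME chain too long for {domain}")
    mx = ZONE.get((name, "MX"))
    if mx:
        return [host for _, host in sorted(mx)]
    if (name, "A") in ZONE:
        return [name]  # no MX: fall back to the name's own address record
    raise LookupError(f"{domain} does not resolve to MX or A")


def route(rcpt, canonify=False):
    """Return (envelope recipient, next hops) for one recipient address."""
    local, _, domain = rcpt.rpartition("@")
    hops = next_hops(domain)  # raises before any rewrite if unresolvable
    if canonify:
        # Old Sendmail-style behaviour: replace the domain with the CNAME target.
        name = domain.lower()
        while (name, "CNAME") in ZONE:
            name = ZONE[(name, "CNAME")][0]
        rcpt = f"{local}@{name}"
    return rcpt, hops
```

Both modes pick the same next hop; only the canonifying mode changes the address that the receiving system sees in RCPT TO.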