Simon Waters:
> One domain is advertising an MX record of "0.0.0.0" which postfix correctly
> reports as "numeric domain name in resource data of MX record for ..."
>
> Then (on Linux at least), Postfix connects to "0.0.0.0" and then logs a
> couple
> of messages complaining it is trying to talk to itself.
>
> I'm not sure 0.0.0.0 should work as an address to connect to, but probably
> too
> late to put that genie back in the bottle.
>
> In this instant I would prefer to reject mail from domain. I believe the
> Postfix way is a policy daemon to reject email with bad or unwanted DNS
> settings. (i.e. the Yahoo MX . trick).
>
> Does anyone have a good list of bad things not to connect to?
> How have folks done the DNS filtering.
>
> Meta question - should outgoing to 0.0.0.0 really connect to anything.
Use check_sender/recipient_mx_access to eliminate IP addresses in
10.0.0.0/8, 127.0.0.0/8 and so on.
Obviously, these addresses cannot be blocked by default, as some
people operate mail servers on private networks.
Also, this may block mail when a sites mistakenly lists both routable
and non-routable hosts in their MX records.
Wietse
