287434badly broken mx record for bond.com
- Aug 2, 2012On 2 Aug 2012, at 08:38, Varadi Gabor wrote:
> Sorry because my English.No problem. It's *far* better than my Hungarian. :-)
Besides, you've provided full, unedited information -- log entries,
dig output, etc -- which makes it clear exactly what the problem is.
If only everyone did that....
> The log details:First off, this is not a Postfix problem. The MX record for bond.com
> Jul 31 23:58:22 fw postfix/smtpd: 6ABF8F:
> Jul 31 23:58:22 fw postfix/cleanup: 6ABF8F: message-id=<20120731065514.5F401D0D@...
> Jul 31 23:58:22 fw postfix/qmgr: 6ABF8F: from=<>, size=3109,
> nrcpt=1 (queue active)
> Jul 31 23:58:22 fw postfix/smtp: 6ABF8F: to=<info@...>,
> relay=0.0.0.0[0.0.0.0]:25, conn_use=24, delay=0.04,
> delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued
> as 6E00018E)
> Jul 31 23:58:22 fw postfix/smtp: warning: numeric domain name
> in resource data of MX record for bond.com: 0.0.0.0
> Jul 31 23:58:22 fw postfix/qmgr: 6ABF8F: removed
> # dig mx bond.com
> ; <<>> DiG 9.7.3 <<>> mx bond.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56868
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;bond.com. IN MX
> ;; ANSWER SECTION:
> bond.com. 600 IN MX 1000 0.0.0.0.
is spectacularly broken. It's an epic fail. That's what needs to be
fixed. The administrator of this domain has to fix this. There's
nothing you should do apart from contact him/her. According to whois,
the contact for bond.com is administrator@.... Perhaps you
could contact them? Maybe he/she has done this deliberately to prevent
bond.com getting any email?
The MX record is broken in two ways. The target of an MX record should
be a hostname. It must not be a dotted-decimal string representing an
IPv4 address. Next, an IP address of 0.0.0.0 is remarkably stupid. For
most TCP/IP stacks, this will default to the current host. [It's
actually more complex than that, but the detail isn't important here.]
So your postfix implementation connects to itself whenever it opens a
connection to port 25 on 0.0.0.0.
BTW, I think it's wrong for Postfix to kludge around broken MX records
like this. Though I realise that ugly/bad things like that are
sometimes necessary to work around other people's stupid mistakes.
However if the DNS lookup returns an MX record that looks to have a
dotted-decimal instead of a domain name, this should not be getting
treated as an IP address. IMO your postfix setup should be looking up
that dotted decimal string in the DNS and then bouncing the mail when
the DNS returns an NXDOMAIN because 0.0.0.0 (say) does not exist as a
I would not reconfigure postfix to work around bond.com's brokenness.
For one thing, that would be the start of a very slippery slope. How
many more changes would you make to the configuration for errors
elsewhere and how soon would that make your postfix setup impossible
to maintain or debug? For another thing, if you did add some sort of
special relay hook for bond.com, where would that domain's mail be sent?
- << Previous post in topic Next post in topic >>