Re: badly broken mx record for bond.com
Aug 2, 2012

Jim Reid:
> On 2 Aug 2012, at 14:17, Wietse Venema wrote:
> > The prime directive for Postfix is to deliver mail reliably without
> > sucking from a performance or human interface point of view, and
> > without granting unnecessary privileges to random strangers.
> Too bad your prime directive includes opening connections to port 25
> for 0.0.0.0 when people have misconfigured their MX records. :-)

I have an A record for warez.porcupine.org that resolves to 127.0.0.1.
I could have used 0.0.0.0 instead and have gotten a similar result.
Postfix documentation has plenty of examples where sending mail to the
loopback address is entirely legitimate. It would be a mistake to
disallow sending mail to "reserved" address ranges by default. Such
decisions are necessarily site-specific.
This is what I use to exclude mail sources that resolve to a reserved
address range. Note that I exclude sources, not destinations:
    #126.96.36.199  reject mail host in verisign wild-card domain
    127             reject mail host in loopback network
    10              reject mail host in reserved network 10
    192.168         reject mail host in reserved network 192.168
Other sites may have a local address range in 10.* or 192.168.*,
and therefore can't exclude those as invalid mail sources. There
is no rule that works for everyone.
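
Added example, not part of the original post: a Python model of how the table above is evaluated, assuming it is an indexed Postfix access(5) table whose IPv4 keys match by repeatedly truncating the last octet of the address. The function names and the sample domains and addresses are constructed for illustration.

```python
# The uncommented rows of the table from the post (key -> action).
ACCESS_TABLE = {
    "127": "reject mail host in loopback network",
    "10": "reject mail host in reserved network 10",
    "192.168": "reject mail host in reserved network 192.168",
}


def lookup(address, table=ACCESS_TABLE):
    """Return the action for an IPv4 address, or None when no key matches.

    Assumed semantics (Postfix access(5) indexed tables): try the full
    address, then drop the last ".octet" repeatedly until a key is found.
    Matching is per octet, so key "10" never matches 100.x.x.x.
    """
    octets = address.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {address!r}")
    while octets:
        action = table.get(".".join(octets))
        if action is not None:
            return action
        octets.pop()
    return None


def check_source(resolved, table=ACCESS_TABLE):
    """Return (address, action) for the first listed address a sender's
    mail hosts resolve to, or None when no address is listed."""
    for address in resolved:
        action = lookup(address, table)
        if action is not None:
            return address, action
    return None


if __name__ == "__main__":
    # Constructed sample data: hypothetical sender domains and the
    # addresses their mail hosts are assumed to resolve to.
    samples = {
        "loopback.example": ["127.0.0.1"],
        "rfc1918.example": ["192.0.2.25", "10.1.2.3"],
        "lookalike.example": ["100.64.0.1", "192.169.0.1"],
        "unspecified.example": ["0.0.0.0"],  # the table has no key for 0
    }
    for domain, addrs in samples.items():
        print(domain, "->", check_source(addrs) or "no match")
```

A site that uses 10.* or 192.168.* internally would pass its own table to check_source with those keys left out.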