287450 Re: badly broken mx record for bond.com

  • Wietse Venema
    Aug 2 8:27 AM
      Jim Reid:
      > On 2 Aug 2012, at 14:17, Wietse Venema wrote:
      >
      > > The prime directive for Postfix is to deliver mail reliably without
      > > sucking from a performance or human interface point of view, and
      > > without granting unnecessary privileges to random strangers.
      >
      > Too bad your prime directive includes opening connections to port 25
      > for 0.0.0.0 when people have misconfigured their MX records. :-)

      I have an A record for warez.porcupine.org that resolves to 127.0.0.1.
      I could have used 0.0.0.0 instead and have gotten a similar result.

      Postfix documentation has plenty of examples where sending mail to the
      loopback address is entirely legitimate. It would be a mistake to
      disallow sending mail to "reserved" address ranges by default. Such
      decisions are necessarily site-specific.

      This is what I use to exclude mail sources that resolve to a reserved
      address range. Note that I exclude sources, not destinations:

      /etc/postfix/main.cf:
          smtpd_whatever_restrictions =
              ...
              check_sender_mx_access hash:/etc/postfix/mx_access
              ...

      /etc/postfix/mx_access:
          #64.94.110.11   reject mail host in verisign wild-card domain
          127             reject mail host in loopback network
          10              reject mail host in reserved network 10
          192.168         reject mail host in reserved network 192.168

      Other sites may have a local address range in 10.* or 192.168.*,
      and therefore can't exclude those as invalid mail sources. There
      is no rule that works for everyone.

      Wietse
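
The following is an added example, not part of the original message and not Postfix code. It models how an indexed access(5) table such as the mx_access file above is searched for an IPv4 address: the full address first, then each shorter octet prefix. The function names and the sample addresses are constructed for illustration, and only address lookups are modelled, not MX host names.

```python
# Added illustration of access(5) IPv4 lookup order for a hash: table.
# Not Postfix source; function names are hypothetical.

MX_ACCESS = {  # the three active entries from the mx_access table above
    "127": "reject mail host in loopback network",
    "10": "reject mail host in reserved network 10",
    "192.168": "reject mail host in reserved network 192.168",
}


def lookup_keys(addr):
    """Keys tried for one address: a.b.c.d, a.b.c, a.b, a."""
    octets = addr.split(".")
    valid = len(octets) == 4 and all(
        o.isascii() and o.isdigit() and int(o) <= 255 for o in octets
    )
    if not valid:
        raise ValueError("not a dotted-quad IPv4 address: %r" % addr)
    return [".".join(octets[:n]) for n in (4, 3, 2, 1)]


def check_mx_addresses(addrs, table=MX_ACCESS):
    """Return (address, matching key, action) for the first MX address
    that hits the table, or None when no address matches."""
    for addr in addrs:
        for key in lookup_keys(addr):
            if key in table:
                return addr, key, table[key]
    return None


if __name__ == "__main__":
    # Constructed sender domains and the addresses their MX hosts resolve to.
    samples = {
        "loopback-mx.example": ["127.0.0.1"],
        "mixed-mx.example": ["192.0.2.25", "10.1.2.3"],
        "cgnat-mx.example": ["100.64.0.1"],   # "10" is an octet, not a string prefix
        "near-miss.example": ["192.169.1.1"],
    }
    for domain, addrs in samples.items():
        print(domain, "->", check_mx_addresses(addrs) or "no match, continue")
```

Matching is per whole octet, so the key 10 covers 10.x.x.x but not 100.x.x.x. A range that does not fall on an octet boundary cannot be written as a single key in a hash: table; Postfix's cidr: table type handles those.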