Loading ...
Sorry, an error occurred while loading the content.

Re: Malformed DNS server reply

Expand Messages
  • Victor Duchovni
    ... This said Null MX records are IMHO a reasonably simple/clean idea. Pity it never got officially blessed. I seem to recall that same concession to Null MX
    Message 1 of 9 , Apr 29, 2011
    • 0 Attachment
      On Fri, Apr 29, 2011 at 09:39:10AM -0400, Wietse Venema wrote:

      > > This looks like a Null MX record:
      > > http://tools.ietf.org/html/draft-delany-nullmx-00
      > >
      > > If the domain owner declares that this domain never sends or recieves
      > > email, then shouldn't postfix reject the above message with a permanent
      > > error?
      >
      > Anyone can post a draft. That does not mean that they change
      > the rules of the Internet.
      >
      > The SMTP RFC says that the MX record specifies a hostname, and
      > there is no RFC that says an empty string is a valid hostname.

      This said Null MX records are IMHO a reasonably simple/clean idea. Pity
      it never got officially blessed. I seem to recall that same concession
      to Null MX records was made in a Postfix release a while back...

      20050726

      Horror: total rewrite of DNS client error handling because
      some misguided proposal attempts to give special meaning
      to some syntactically invalid MX hostname lookup result.
      Not only that, people expect sensible results with
      reject_unknown_sender_domain etc. Files: dns/dns_lookup.c,
      smtp/smtp_addr.c smtpd/smtpd_check.c, lmtp/lmtp_addr.c.

      [...]

      20061227

      Bugfix (introduced with Postfix 2.3): the MX hostname syntax
      check was skipped with reject_unknown_helo_hostname and
      reject_unknown_sender/recipient_domain, so that Postfix
      would still accept mail from domains with a zero-length MX
      hostname. File: smtpd/smtpd_check.c.

      Which release is the OP using?

      --
      Viktor.
    • Wietse Venema
      ... How clean can it be? It requires that an RFC-compliant program must change from two-valued logic (an RFC-compliant MX record exists or does not exist) into
      Message 2 of 9 , Apr 29, 2011
      • 0 Attachment
        Victor Duchovni:
        > On Fri, Apr 29, 2011 at 09:39:10AM -0400, Wietse Venema wrote:
        >
        > > > This looks like a Null MX record:
        > > > http://tools.ietf.org/html/draft-delany-nullmx-00
        > > >
        > > > If the domain owner declares that this domain never sends or recieves
        > > > email, then shouldn't postfix reject the above message with a permanent
        > > > error?
        > >
        > > Anyone can post a draft. That does not mean that they change
        > > the rules of the Internet.
        > >
        > > The SMTP RFC says that the MX record specifies a hostname, and
        > > there is no RFC that says an empty string is a valid hostname.
        >
        > This said Null MX records are IMHO a reasonably simple/clean idea. Pity
        > it never got officially blessed. I seem to recall that same concession
        > to Null MX records was made in a Postfix release a while back...

        How clean can it be? It requires that an RFC-compliant program must
        change from two-valued logic (an RFC-compliant MX record exists or
        does not exist) into three-valued logic (no MX record, RFC-compliant
        MX record, non-compliant MX record) which leads to cascading code
        inconsistency and consequently new bugs.

        I think it is bad engineering when take some invalid form and then
        give it legitimate meaning. This rewards sloppy programs that play
        fast and loose, and punishes programs that enforce the rules.

        Wietse
      • Бак Микаел
        ... Hi Wietse, I understand. Thank you for clarifying this. I was not aware of the ugliness in this method. It seemed like a quite easy way to implement
        Message 3 of 9 , May 2, 2011
        • 0 Attachment
          Wietse Venema wrote:
          >> Hi list,
          >>
          >> I saw this in my logs:
          >>
          >> Apr 29 14:58:08 mx postfix/smtpd[4880]: connect from
          >> xxx.yyy.zzz[xxx.yyy.zzz.xxx]
          >> Apr 29 14:58:09 mx postfix/smtpd[4880]: warning: valid_hostname: empty
          >> hostname
          >> Apr 29 14:58:09 mx postfix/smtpd[4880]: warning: malformed domain name
          >> in resource data of MX record for somedomain.com:
          >
          > There is no Internet RFC that says that an empty hostname is valid.
          > Postfix was not built by experimentation of "what works". Instead,
          > Postfix was built by looking at official email standards. Then, I
          > added hacks and workarounds for systems that don't play by the
          > rules.
          >
          >> Apr 29 14:58:09 mx postfix/smtpd[4880]: NOQUEUE: reject: RCPT from
          >> xxx.yyy.zzz[xxx.yyy.zzz.xxx]: 450 4.1.8 <info@...>: Sender
          >> address rejected: Malformed DNS server reply; from=<info@...>
          >> to=<user@...> proto=ESMTP helo=<xxx.yyy.zzz>
          >> Apr 29 14:58:09 mx postfix/smtpd[4880]: disconnect from
          >> fxxx.yyy.zzz[xxx.yyy.zzz.xxx]
          >>
          >> And:
          >>
          >> $ host somedomain.com
          >> somedomain.com has address yyy.zzz.xxx.yyy
          >> somedomain.com mail is handled by 0 .
          >>
          >> This looks like a Null MX record:
          >> http://tools.ietf.org/html/draft-delany-nullmx-00
          >>
          >> If the domain owner declares that this domain never sends or recieves
          >> email, then shouldn't postfix reject the above message with a permanent
          >> error?
          >
          > Anyone can post a draft. That does not mean that they change
          > the rules of the Internet.
          >
          > The SMTP RFC says that the MX record specifies a hostname, and
          > there is no RFC that says an empty string is a valid hostname.
          >
          > The warning message is an example of a workaround hack that I put
          > in for systems that don't supply valid hostnames in their MX records.
          >
          > Wietse

          Hi Wietse,

          I understand. Thank you for clarifying this.
          I was not aware of the ugliness in this method. It seemed like a quite
          easy way to implement non-email domains for a DNS admin, but I now
          understand what complications this brings to the application developer.

          Cheers,
          Mikael Bak
        • Бак Микаел
          ... Hi Victor, Just for the record. We use postfix-2.7.3. Relevant part of postconf -n : smtpd_recipient_restrictions = permit_mynetworks,
          Message 4 of 9 , May 2, 2011
          • 0 Attachment
            Victor Duchovni wrote:
            > On Fri, Apr 29, 2011 at 09:39:10AM -0400, Wietse Venema wrote:
            >
            >>> This looks like a Null MX record:
            >>> http://tools.ietf.org/html/draft-delany-nullmx-00
            >>>
            >>> If the domain owner declares that this domain never sends or recieves
            >>> email, then shouldn't postfix reject the above message with a permanent
            >>> error?
            >> Anyone can post a draft. That does not mean that they change
            >> the rules of the Internet.
            >>
            >> The SMTP RFC says that the MX record specifies a hostname, and
            >> there is no RFC that says an empty string is a valid hostname.
            >
            > This said Null MX records are IMHO a reasonably simple/clean idea. Pity
            > it never got officially blessed. I seem to recall that same concession
            > to Null MX records was made in a Postfix release a while back...
            >
            > 20050726
            >
            > Horror: total rewrite of DNS client error handling because
            > some misguided proposal attempts to give special meaning
            > to some syntactically invalid MX hostname lookup result.
            > Not only that, people expect sensible results with
            > reject_unknown_sender_domain etc. Files: dns/dns_lookup.c,
            > smtp/smtp_addr.c smtpd/smtpd_check.c, lmtp/lmtp_addr.c.
            >
            > [...]
            >
            > 20061227
            >
            > Bugfix (introduced with Postfix 2.3): the MX hostname syntax
            > check was skipped with reject_unknown_helo_hostname and
            > reject_unknown_sender/recipient_domain, so that Postfix
            > would still accept mail from domains with a zero-length MX
            > hostname. File: smtpd/smtpd_check.c.
            >
            > Which release is the OP using?
            >

            Hi Victor,

            Just for the record. We use postfix-2.7.3.

            Relevant part of "postconf -n":

            smtpd_recipient_restrictions = permit_mynetworks,
            reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
            reject_non_fqdn_sender, reject_non_fqdn_recipient,
            reject_non_fqdn_hostname, reject_unauth_destination,
            [snip]
            reject_unknown_sender_domain,
            reject_unknown_reverse_client_hostname,
            [snip]

            But I think I got all my questions answered.
            Thanks,
            Mikael Bak
          Your message has been successfully submitted and would be delivered to recipients shortly.