MX record for no-mail domainnames?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

MX record for no-mail domainnames?

Andy Spiegl-7
I've got some domainnames which are just used as http redirects.
My mailservers don't accept mail for them.

So, I just deleted the MX record in order to advertize to the world
that I don't want mails for these domains.  But then I noticed that
postfix tries to deliver mails anyway and simply uses the domain name
itself as MX.  I found in the RFC 974 that this is the correct way to
handle the special case of no MX records.

So, postfix is doing a good job!

But then, how should I configure my DNS?
Any idea?

Thanx,
 Andy.

--
 Harrisberger's Fourth Law of the Lab:
         Experience is directly proportional to
         the amount of equipment ruined.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: MX record for no-mail domainnames?

Victor Duchovni
On Mon, May 19, 2008 at 04:51:37PM +0200, Andy Spiegl wrote:

> I've got some domainnames which are just used as http redirects.
> My mailservers don't accept mail for them.
>
> So, I just deleted the MX record in order to advertize to the world
> that I don't want mails for these domains.  But then I noticed that
> postfix tries to deliver mails anyway and simply uses the domain name
> itself as MX.  I found in the RFC 974 that this is the correct way to
> handle the special case of no MX records.
>
> So, postfix is doing a good job!
>
> But then, how should I configure my DNS?

A popular (though never standardized approach) is to use "null MX"
records:

        example.com IN MX 0 .

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: MX record for no-mail domainnames?

Noel Jones-2
In reply to this post by Andy Spiegl-7
Andy Spiegl wrote:

> I've got some domainnames which are just used as http redirects.
> My mailservers don't accept mail for them.
>
> So, I just deleted the MX record in order to advertize to the world
> that I don't want mails for these domains.  But then I noticed that
> postfix tries to deliver mails anyway and simply uses the domain name
> itself as MX.  I found in the RFC 974 that this is the correct way to
> handle the special case of no MX records.
>
> So, postfix is doing a good job!
>
> But then, how should I configure my DNS?
> Any idea?
>
> Thanx,
>  Andy.
>

Point the MX record to "mail.invalid"

--
Noel Jones
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: MX record for no-mail domainnames?

Jorey Bump
In reply to this post by Andy Spiegl-7
Andy Spiegl wrote, at 05/19/2008 10:51 AM:

> I've got some domainnames which are just used as http redirects.
> My mailservers don't accept mail for them.
>
> So, I just deleted the MX record in order to advertize to the world
> that I don't want mails for these domains.  But then I noticed that
> postfix tries to deliver mails anyway and simply uses the domain name
> itself as MX.  I found in the RFC 974 that this is the correct way to
> handle the special case of no MX records.
>
> So, postfix is doing a good job!
>
> But then, how should I configure my DNS?
> Any idea?

I manage some domains that should never receive email. In such cases, I
don't assign an A or MX record to the domain (example.org), only to the
web host (www.example.org), and never redirect example.org ->
www.example.org.

Some people have trouble with that last part, and will even claim it's
some kind of standard (show me the RFC), or at least a valuable
convenience for users. Others claim that mirroring or redirecting
multiple hostnames to the same content can result in a penalty that will
reduce your search engine rankings. You might consider getting rid of
your redirects, or only redirecting the www hosts, and not publishing A
or MX records for the parent domains. Of course, this means mail aimed
at the specific www hosts will still try to use the corresponding A
record, but I've never seen this in practice. In any case, this
eliminates all email, including dictionary attacks, for these kind of
domains on my servers.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: MX record for no-mail domainnames?

Andy Spiegl-7
In reply to this post by Victor Duchovni
> A popular (though never standardized approach) is to use "null MX"
> records:
> example.com IN MX 0 .

...

> Point the MX record to "mail.invalid"

Great idea, but that's allowed accoring to the RFCs ???

Thx,
 Andy.

--
 The opossum is a very sophisticated animal.  It doesn't even get up
 until 5 or 6 pm.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: MX record for no-mail domainnames?

Noel Jones-2
Andy Spiegl wrote:

>> A popular (though never standardized approach) is to use "null MX"
>> records:
>> example.com IN MX 0 .
>
> ...
>
>> Point the MX record to "mail.invalid"
>
> Great idea, but that's allowed accoring to the RFCs ???
>
> Thx,
>  Andy.
>

It's legal because "invalid." is an official reserved TLD, so
it is a legal host name that will never resolve.  This is
similar in concept to Viktor's suggestion of a null host "."
MX record.

I don't know of any RFC that addresses this issue directly; I
would think RFC-compliant behavior would be any legal host
name that won't ever resolve.

--
Noel Jones
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: MX record for no-mail domainnames?

Stefan Förster-4
* Noel Jones <[hidden email]> wrote:

> Andy Spiegl wrote:
>>> A popular (though never standardized approach) is to use "null MX"
>>> records:
>>> example.com IN MX 0 .
>>
>>> Point the MX record to "mail.invalid"
>>
>> Great idea, but that's allowed accoring to the RFCs ???
>
> It's legal because "invalid." is an official reserved TLD, so
> it is a legal host name that will never resolve.  This is
> similar in concept to Viktor's suggestion of a null host "."
> MX record.
>
> I don't know of any RFC that addresses this issue directly; I
> would think RFC-compliant behavior would be any legal host
> name that won't ever resolve.

I don't see how this could ever break any SMTP application that is at
least somewhat standards compliant. RFC2606 states:

,----[ RFC2606, Section 2 ]
| ".invalid" is intended for use in online construction of domain
| names that are sure to be invalid and which it is obvious at a
| glance are invalid.
`----

As Noel pointed out, this MUST NOT resolve to a valid address. And
since you plan to specify at least one A-RR _and_ one MX-RR, I think
RC2821 makes it quite clear:

,----[ RFC2821, Section 5 ]
| If one or more MX RRs are found for a given name, SMTP
| systems MUST NOT utilize any A RRs associated with that name
| unless they are located using the MX RRs; the "implicit MX"
| rule above applies only if there are no MX records present.
| If MX records are present, but none of them are usable, this
| situation MUST be reported as an error.
`----

This means that any client trying to deliver mail to that location
MUST NOT try to contact that host but instead report an error.

Seems pretty safe to me, from an "RFC compliance" point of view.

So much for standards compliant software, in my experience, badly
written spambot software sometimes will ignore the above rules and
make a direct connection anyways. But you should see a definite
decrease of overall connection attempts.


Cheers
Stefan
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: MX record for no-mail domainnames?

Wietse Venema
In reply to this post by Noel Jones-2
Noel Jones:
> It's legal because "invalid." is an official reserved TLD, so
> it is a legal host name that will never resolve.  This is
> similar in concept to Viktor's suggestion of a null host "."
> MX record.

Except that I have not been able to find the RFC text that says
a zero-length string is a valid domain name. Thus, I had to
actually put extra code in Postfix.

        Wietse
Loading...