postfix and MX


postfix and MX

mami64
Hi
For incoming e-mail I need an MX restriction - allow only domains that have
added an MX in DNS - I know this is not RFC friendly ...

Are there any solutions ready to be imported?

Re: postfix and MX

Wietse Venema
natan maciej milaszewski:
> Hi
> In e-mail incoming I need a MX restrictions - allow only domain who have
> add MX in DNS - I known this is not RFC friendly ...
>
> Are there any solutions ready to be imported?

Postfix implements the SMTP protocol by book standard, so you will
have to implement the "reject if no MX record" check with a plugin,
perhaps using http://www.postfix.org/SMTPD_POLICY_README.html.
The easiest path is to take an existing plugin and modify it.

(like the Postfix SMTP client, check_sender_mx_access will pretend
that a name without MX record is the name of the MX host).

        Wietse


Re: postfix and MX

Viktor Dukhovni
In reply to this post by mami64
> On Sep 17, 2020, at 12:43 PM, natan maciej milaszewski <[hidden email]> wrote:
>
> In e-mail incoming I need a MX restrictions - allow only domain who have
> add MX in DNS - I known this is not RFC friendly ...

Just in case someone gets the wrong impression about MX records being
required...

It is more than "not RFC friendly", it is simply broken viz. the public
Internet.  Many legitimate sending domains have no MX records, this is
normal.  Refusing mail from non-MX domains does damage to the email
ecosystem.

It is difficult to imagine a situation where on the one hand you know
definitively that all the domains you'll be receiving email from have
MX records, and on the other hand you don't simply have a list of all
said domains, making the check for MX records moot.

--
        Viktor.


Re: postfix and MX

Antonio Leding
> Just in case someone gets the wrong impression about MX records being
> required...

TILT: MX records are not required for email to work — WOOT…

I’m sure most of this group already knew this but alas, I did
not…One more gem of the many I have gathered from this mailer thus
far…

Thanks Viktor… :=)



On 17 Sep 2020, at 13:59, Viktor Dukhovni wrote:

>> On Sep 17, 2020, at 12:43 PM, natan maciej milaszewski <[hidden email]> wrote:
>>
>> In e-mail incoming I need a MX restrictions - allow only domain who have
>> add MX in DNS - I known this is not RFC friendly ...
>
> Just in case someone gets the wrong impression about MX records being
> required...
>
> It is more than "not RFC friendly", it is simply broken viz. the public
> Internet.  Many legitimate sending domains have no MX records, this is
> normal.  Refusing mail from non-MX domains does damage to the email
> ecosystem.
>
> It is difficult to imagine a situation where on the one hand you know
> definitively that all the domains you'll be receiving email from have
> MX records, and on the other hand you don't simply have a list of all
> said domains, making the check for MX records moot.
>
> --
> Viktor.

Re: postfix and MX

Fred Morris
On Thu, 17 Sep 2020, Antonio Leding wrote:
> TILT: MX records are not required for email to work — WOOT…

Not required for SPF either. You can list the IP address(es). Of course if
you have MX then for SPF it's simple "+mx".

--

Fred Morris

Re: postfix and MX

@lbutlr
On 17 Sep 2020, at 17:03, Fred Morris <[hidden email]> wrote:
> On Thu, 17 Sep 2020, Antonio Leding wrote:
>> TILT: MX records are not required for email to work — WOOT…
>
> Not required for SPF either. You can list the IP address(es). Of course if you have MX then for SPF it's simple "+mx".

This may have changed, but I doubt it. If you do not have MX records there are definitely mail servers out there that will not send mail to you. Exchange for one at least used to refuse to deliver mail without an MX record. I don't know if this is still the case as I am thankfully at least 5 years from having to deal with anyone on Exchange server.



--
At night when the bars close down
Brandy walks through a silent town
And loves a man who's not around


Re: postfix and MX

Viktor Dukhovni
> On Sep 17, 2020, at 9:30 PM, @lbutlr <[hidden email]> wrote:
>
> This may have changed, but I doubt it. If you do not have MX records
> there are definitely mail servers out there that will not send mail
> to you. Exchange for one at least used to refuse to deliver mail without
> an MX record. I don't know if this is still the case as I am thankfully
> at least 5 years from having to deal with anyone on Exchange server.

RFC 5321 was published 2008:

   https://tools.ietf.org/html/rfc5321#section-5.1

   The lookup first attempts to locate an MX record associated with the
   name.  If a CNAME record is found, the resulting name is processed as
   if it were the initial name.  If a non-existent domain error is
   returned, this situation MUST be reported as an error.  If a
   temporary error is returned, the message MUST be queued and retried
   later (see Section 4.5.4.1).  If an empty list of MXs is returned,
   the address is treated as if it was associated with an implicit MX
   RR, with a preference of 0, pointing to that host.  If MX records are
   present, but none of them are usable, or the implicit MX is unusable,
   this situation MUST be reported as an error.

But even prior to that:

   https://tools.ietf.org/html/rfc2821#section-5

   Once an SMTP client lexically identifies a domain to which mail will
   be delivered for processing (as described in sections 3.6 and 3.7), a
   DNS lookup MUST be performed to resolve the domain name [22].  The
   names are expected to be fully-qualified domain names (FQDNs):
   mechanisms for inferring FQDNs from partial names or local aliases
   are outside of this specification and, due to a history of problems,
   are generally discouraged.  The lookup first attempts to locate an MX
   record associated with the name.  If a CNAME record is found instead,
   the resulting name is processed as if it were the initial name.  If
   no MX records are found, but an A RR is found, the A RR is treated as
   if it was associated with an implicit MX RR, with a preference of 0,
   pointing to that host.  If one or more MX RRs are found for a given
   name, SMTP systems MUST NOT utilize any A RRs associated with that
   name unless they are located using the MX RRs; the "implicit MX" rule
   above applies only if there are no MX records present.  If MX records
   are present, but none of them are usable, this situation MUST be
   reported as an error.

dates back to April 201.  I would expect that 19 years is sufficient time
for the news to have reached Redmond, WA.

--
        Viktor.
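
An added example (not from the thread or from the Postfix project) that ties together the policy-service suggestion earlier in the thread and the RFC 5321 section 5.1 cases quoted above: a policy delegate that classifies the sender domain and rejects implicit-MX domains only in the strict `require_mx` mode the original poster asked for. The DNS table, the `lookup` hook and all function names are constructed assumptions; the request and reply framing follows SMTPD_POLICY_README.

```python
import sys

# Constructed DNS data (assumption): domain -> (status, MX list, has A/AAAA)
SAMPLE_DNS = {
    "mx.example": ("ok", [(10, "mail.mx.example")], True),
    "a-only.example": ("ok", [], True),  # legitimate sender without MX
    "flaky.example": ("tempfail", [], False),
}

def lookup(domain):  # hypothetical hook; replace with real MX and A/AAAA queries
    return SAMPLE_DNS.get(domain.lower(), ("nxdomain", [], False))

def parse_request(text):
    """Policy request: name=value lines, terminated by an empty line."""
    return dict(l.split("=", 1) for l in text.splitlines() if "=" in l)

def classify(domain):
    """Map a domain onto the cases of RFC 5321 section 5.1."""
    status, mx, has_addr = lookup(domain)
    if status != "ok":
        return status                      # "nxdomain" or "tempfail"
    if mx:
        return "mx"
    return "implicit-mx" if has_addr else "unusable"

def decide(attrs, require_mx=False):
    """Return the access(5) action for one request."""
    sender = attrs.get("sender", "")
    if "@" not in sender:                  # null sender (bounce): no opinion
        return "DUNNO"
    kind = classify(sender.rsplit("@", 1)[1])
    if kind == "tempfail":
        return "DEFER_IF_PERMIT sender domain lookup failed"
    if kind in ("nxdomain", "unusable"):
        return "REJECT sender domain cannot receive mail"
    if kind == "implicit-mx" and require_mx:
        return "REJECT sender domain has no MX record"
    return "DUNNO"

def serve(inp=sys.stdin, out=sys.stdout, require_mx=False):
    """Answer requests over stdin/stdout, as when started by spawn(8)."""
    block = []
    for line in inp:
        if line.strip():
            block.append(line)
        elif block:
            out.write(f"action={decide(parse_request(''.join(block)), require_mx)}\n\n")
            out.flush()
            block = []

if __name__ == "__main__":
    serve()
```

With `require_mx=True` the constructed `a-only.example` sender is rejected even though section 5.1 treats it as reachable through its implicit MX, which is the breakage described in the thread.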


Re: postfix and MX

Antonio Leding
> dates back to April 201.  I would expect that 19 years is sufficient
> time
> for the news to have reached Redmond, WA.

I think that's actually 1819 years so most definitely long enough to get
the memo…

I stopped believing long ago that Microsoft adhered to any standard in
earnest.  To me, they always seemed to be more about
implanting new standards that the world would then follow…


On 17 Sep 2020, at 18:11, Viktor Dukhovni wrote:

>> On Sep 17, 2020, at 9:30 PM, @lbutlr <[hidden email]> wrote:
>>
>> This may have changed, but I doubt it. If you do not have MX records
>> there are definitely mail servers out there that will not send mail
>> to you. Exchange for one at least used to refuse to deliver mail without
>> an MX record. I don't know if this is still the case as I am thankfully
>> at least 5 years from having to deal with anyone on Exchange server.
>
> RFC 5321 was published 2008:
>
>    https://tools.ietf.org/html/rfc5321#section-5.1
>
>    The lookup first attempts to locate an MX record associated with the
>    name.  If a CNAME record is found, the resulting name is processed as
>    if it were the initial name.  If a non-existent domain error is
>    returned, this situation MUST be reported as an error.  If a
>    temporary error is returned, the message MUST be queued and retried
>    later (see Section 4.5.4.1).  If an empty list of MXs is returned,
>    the address is treated as if it was associated with an implicit MX
>    RR, with a preference of 0, pointing to that host.  If MX records are
>    present, but none of them are usable, or the implicit MX is unusable,
>    this situation MUST be reported as an error.
>
> But even prior to that:
>
>    https://tools.ietf.org/html/rfc2821#section-5
>
>    Once an SMTP client lexically identifies a domain to which mail will
>    be delivered for processing (as described in sections 3.6 and 3.7), a
>    DNS lookup MUST be performed to resolve the domain name [22].  The
>    names are expected to be fully-qualified domain names (FQDNs):
>    mechanisms for inferring FQDNs from partial names or local aliases
>    are outside of this specification and, due to a history of problems,
>    are generally discouraged.  The lookup first attempts to locate an MX
>    record associated with the name.  If a CNAME record is found instead,
>    the resulting name is processed as if it were the initial name.  If
>    no MX records are found, but an A RR is found, the A RR is treated as
>    if it was associated with an implicit MX RR, with a preference of 0,
>    pointing to that host.  If one or more MX RRs are found for a given
>    name, SMTP systems MUST NOT utilize any A RRs associated with that
>    name unless they are located using the MX RRs; the "implicit MX" rule
>    above applies only if there are no MX records present.  If MX records
>    are present, but none of them are usable, this situation MUST be
>    reported as an error.
>
> dates back to April 201.  I would expect that 19 years is sufficient time
> for the news to have reached Redmond, WA.
>
> --
> Viktor.

Re: postfix and MX

Amari CH
Antonio Leding wrote:
> I think that's actually 1819 years so most definitely long enough to get
> the memo…

Hello

Do you think email will die in the near future?
Since more and more popular communication tools appear these days, such as
Twitter, Facebook, TikTok, Slack etc.

Thanks.

--
Amari CH
https://maddoghost.com/

Re: [External] Re: postfix and MX

Kevin A. McGrail
In reply to this post by Antonio Leding
On 9/17/2020 9:20 PM, Antonio Leding wrote:
>
> I stopped believing long ago that Microsoft adhered to any standard in
> earnest.  To me, they always seemed to be more about
> implanting new standards that the world would then follow…
In fairness, Microsoft's embrace/extend/extinguish plans are well known
but I also think a thing of the past.  I've been pretty impressed by
their netizenship in the past decade.  Not saying it didn't take the US
DoJ for a wake-up call but really impressed with what I've seen.  Is
there a specific and recent example you can think of?

Regards,
KAM

Re: postfix and MX

@lbutlr
In reply to this post by Viktor Dukhovni


> On 17 Sep 2020, at 19:11, Viktor Dukhovni <[hidden email]> wrote:
>
>> On Sep 17, 2020, at 9:30 PM, @lbutlr <[hidden email]> wrote:
>>
>> This may have changed, but I doubt it. If you do not have MX records
>> there are definitely mail servers out there that will not send mail
>> to you. Exchange for one at least used to refuse to deliver mail without
>> an MX record. I don't know if this is still the case as I am thankfully
>> at least 5 years from having to deal with anyone on Exchange server.
>
> RFC 5321 was published 2008:

Oh, I am not saying they are right or compliant with the RFCs, but it absolutely does happen that some servers will not send mail without an MX record.

> dates back to April 201.  I would expect that 19 years is sufficient time
> for the news to have reached Redmond, WA.

Perhaps, but it was not the case in … checks 2014 when dealing with an Exchange Server of unknown version.

IIRC, craigslist also will not send emails to email addresses without MX records, but craigslist has many issues sending mail, so I may be remembering something else.

--
Last night I stayed up late playing poker with Tarot cards. I got a
full house and four people died.

Re: postfix and MX

@lbutlr
In reply to this post by Amari CH
On 17 Sep 2020, at 19:24, Amari CH <[hidden email]> wrote:
> Do you think if email will go to death in short future?

No, but its importance is already far less than it used to be. My kids (early 18 and 23) rarely check their email (a couple of times a week, and only if they are expecting something important) and that behavior is mirrored by their peers.

Even I use email far less than I used to, and nearly no personal communication happens over email anymore. Generally I get list mail, receipts for purchases, login verifications, status messages from servers, and that’s about it.

--
"Are you pondering what I'm pondering?"
"Uh, I think so Brain, but how are we gonna teach a goat to dance
with flippers on?"

Re: postfix and MX

Antonio Leding

It’s important to differentiate between personal and professional use. In the former, I agree email’s relevance & importance is diminishing largely due to social media and IM platforms. But in the latter case, email will be with us for quite a long while…


On 18 Sep 2020, at 10:04, @lbutlr wrote:

> On 17 Sep 2020, at 19:24, Amari CH [hidden email] wrote:
>
>> Do you think if email will go to death in short future?
>
> No, but its importance is already far less than it used to be. My kids (early 18 and 23) rarely check their email (a couple of times a week, and only if they are expecting something important) and that behavior is mirrored by their peers.
>
> Even I use email far less than I used to, and nearly no personal communication happens over email anymore. Generally I get list mail, receipts for purchases, login verifications, status messages from servers, and that’s about it.
>
> --
> "Are you pondering what I'm pondering?"
> "Uh, I think so Brain, but how are we gonna teach a goat to dance
> with flippers on?"


Re: postfix and MX

mami64
In reply to this post by @lbutlr
Hi
I found a solution for an MX filter at http://rmxf.comm.pl/

On 18.09.2020 01:30, @lbutlr wrote:
> On 17 Sep 2020, at 17:03, Fred Morris <[hidden email]> wrote:
>> On Thu, 17 Sep 2020, Antonio Leding wrote:
>>> TILT: MX records are not required for email to work — WOOT…
>> Not required for SPF either. You can list the IP address(es). Of course if you have MX then for SPF it's simple "+mx".
> This may have changed, but I doubt it. If you do not have MX records there are definitely mail servers out there that will not send mail to you. Exchange for one at least used to refuse to deliver mail without an MX record. I don't know if this is still the case as I am thankfully at least 5 years from having to deal with anyone on Exchange server.
>
>
>