Shawn,

I noticed that in BIND8, DNS gets _VERY_ unhappy if you use a CNAME for the zone's MX. Maybe there's something else at work....

Karyn

-----Original Message-----
From: Shawn McMahon [mailto:smcmahon@eiv.com]
Sent: Monday, July 10, 2000 8:38 AM
To: nanog@merit.edu
Subject: Re: RBL-type BGP service for known rogue networks?

On Mon, Jul 10, 2000 at 11:10:35AM -0400, Greg A. Woods wrote:
> However I should have listed the other requirement that I thought was
> self-obvious since we're talking about SMTP here. I.e. I don't ever
> accept e-mail from anything less than the most strictly conforming SMTP
> implementations.
>
> You're violating part one of RFC 1123 section #5.2.5. The name given by
> your SMTP server in the HELO "MUST" be a canonical hostname. It must not
> be a CNAME.

Oh, you wanna go there?

   5.2.5 HELO Command: RFC-821 Section 3.5

   The sender-SMTP MUST ensure that the <domain> parameter in a HELO
   command is a valid principal host domain name for the client host.
   As a result, the receiver-SMTP will not have to perform MX
   resolution on this name in order to validate the HELO parameter.

   The HELO receiver MAY verify that the HELO parameter really
   corresponds to the IP address of the sender. However, the receiver
   MUST NOT refuse to accept a message, even if the sender's HELO
   command fails verification.

Hmm. MUST NOT refuse. Who's violating the RFC here, again?

*ANYBODY* using sendmail from a dynamic IP is either going to do this, or worse. RFC 1123 requires you to live with it. If you choose not to, don't wave the damn RFC around like a magic shield.

CNAMEs are "valid principal host domain name[s]". Nothing in the RFC says it can't be a CNAME, but something in the RFC says you have to accept it even if it's flat-out wrong or a lie.

Your thin ice just cracked, Greg. Admit you're wrong and get on with your life. You're not running an RFC 1123-compliant mail setup at present.
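
The "MAY verify, MUST NOT refuse" behaviour in the RFC 1123 section 5.2.5 text quoted above, as an added example that is not part of the original thread: a receiver-side HELO check that records its result in the trace line and always accepts. The zone data, the function names and the `helo-check=` trace comment are assumptions made for illustration; the check reports whether the name resolved through a CNAME without treating that as grounds for rejection.

```python
import ipaddress

# Constructed DNS data using documentation address ranges; not from the thread.
ZONE = {
    "mail.example.net": ("A", "192.0.2.10"),
    "smtp.example.net": ("CNAME", "mail.example.net"),
    "dialup.example.org": ("A", "198.51.100.7"),
}

def resolve(name, zone=ZONE, max_hops=8):
    """Follow CNAMEs to an A record; return (address or None, was_alias)."""
    name = name.rstrip(".").lower()
    alias = False
    for _ in range(max_hops):
        rec = zone.get(name)
        if rec is None:
            return None, alias
        rtype, value = rec
        if rtype == "A":
            return value, alias
        alias, name = True, value.rstrip(".").lower()
    return None, alias  # CNAME loop or chain longer than max_hops

def check_helo(helo, peer_ip, zone=ZONE):
    """Verify the HELO argument against the peer address.

    The verification result is informational only: per the quoted
    RFC text the action is 'accept' whatever the outcome.
    """
    peer = ipaddress.ip_address(peer_ip)
    try:
        literal = ipaddress.ip_address(helo.strip("[]"))
    except ValueError:
        literal = None
    if literal is not None:
        status = "literal-match" if literal == peer else "literal-mismatch"
    else:
        addr, alias = resolve(helo, zone)
        if addr is None:
            status = "unresolvable"
        elif ipaddress.ip_address(addr) != peer:
            status = "mismatch"
        else:
            status = "match-via-cname" if alias else "match"
    # Hypothetical trace comment so later filtering can score on it.
    trace = f"Received: from {helo} ([{peer_ip}]) (helo-check={status})"
    return {"action": "accept", "helo_check": status, "trace": trace}
```
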