[Top] [All Lists]

Re: nullmx

2008-03-31 13:56:08

Mark Andrews wrote:

It doesn't however mean you cannot send mail from that
machine however. You just have to set an appropriate mail
domain for outgoing mail.

Rather than toster(_at_)toaster(_dot_)example(_dot_)net the mail would come
from tosterXXX(_at_)example(_dot_)net or something similar if you
were using "MX 0 .".

JFTR, that is a nullmx for, and the host can send MAIL FROM tosterXXX(_at_)example(_dot_)net
(or from almost any address excluding

Mail to <postmaster> at this host is still supposed to work.
I couldn't tell without cheating (= looking into 2821bis) if
that's MUSTard, SHOULD, or between the lines.

Non deliver reports don't have to go back to the originating

I can sing "originator as indicated in the reverse-path", in
moments when JohnK would seriously wish that I don't try to 
sing, at least not on this list.

BTW, your example also shows another reason why "v=spf1 -all"
is not the same as nullmx.  The MTA using
this FQDN in its EHLO needs "v=spf1 a -all" (added "a") or 
another way to indicate that it's permitted to use this name.

When it sends an NDR or any mail with an empty reverse-path
receivers checking SPF look for a policy associated with the
EHLO name, and that is generally recommended in RFC 4408 for
the purpose of rejecting abuse of EHLO names, not limited to
empty reverse-paths.

Clearly nobody is forced to protect EHLO names with SPF FAIL,
but if they do they better get this right.