At 12:55 +0100 on 05/08/2008, Tony Finch wrote about MX lookup error
handling change:

RFC 2821 says:

  If MX records are present, but none of them are usable, this situation
  MUST be reported as an error.

This implies that a partially broken RRset is not grounds for rejecting a
message.

2821bis says:

  When a domain name associated with an MX RR is looked up and the
  associated data field obtained, the data field of that response MUST
  contain a domain-name. That domain-name, when queried, MUST return
  at least one address record (e.g., A or AAAA RR) that gives the IP
  address of the SMTP server to which the message should be directed.
  Any other response, specifically including a value that will return a
  CNAME record when queried, lies outside the scope of this standard.

This implies that it's OK to reject partially broken MX RRsets. Some
deployed software already does this.

If there are two or more MX records at the highest priority (i.e.,
preferred) and some point at CNAMEs and some point at A/AAAA then
while the MXs are partly broken, the CNAMEs can be ignored (i.e.,
treated as Unreachable) and the A/AAAA records used for those
addresses you have IPvX connectivity for. If none are usable then
reject. OTOH, if/when the highest priority is ONLY CNAMEs (even if
lower/back-up MXs are A/AAAA which you can support) do an immediate
reject since the back-up MXs will never be able to deliver to the
primary servers (due to their being invalidly defined as CNAMEs).
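
The selection policy described in the reply above, as an added example that is not part of the original message. The `MXTarget` type, the function name and the sample records are constructed for illustration, DNS resolution is assumed to have happened already, and keeping lower-preference non-CNAME targets as fallbacks in the mixed case is an assumption the message does not spell out.

```python
from dataclasses import dataclass, field

@dataclass
class MXTarget:
    preference: int                 # lower value = more preferred
    host: str
    is_cname: bool = False          # the MX target name resolved to a CNAME
    addrs: list = field(default_factory=list)  # A/AAAA addresses found for host

def _family(addr):
    return "ipv6" if ":" in addr else "ipv4"

def select_targets(mx_rrset, families=("ipv4",)):
    """Return ("deliver", [(host, addr), ...]) or ("reject", reason).

    families lists the address families this host has connectivity for.
    """
    if not mx_rrset:
        raise ValueError("empty MX RRset: implicit-MX handling is out of scope here")
    best = min(mx.preference for mx in mx_rrset)
    primary = [mx for mx in mx_rrset if mx.preference == best]
    # Most-preferred MXs are ONLY CNAMEs: reject at once, ignoring back-up MXs.
    if all(mx.is_cname for mx in primary):
        return ("reject", "most-preferred MX targets are all CNAMEs")
    usable = []
    for mx in sorted(mx_rrset, key=lambda m: m.preference):
        if mx.is_cname:
            continue                # CNAME target: treated as unreachable
        usable += [(mx.host, a) for a in mx.addrs if _family(a) in families]
    if not usable:
        return ("reject", "no usable MX targets")
    return ("deliver", usable)

# Constructed sample RRsets (documentation address ranges only).
MIXED_PRIMARY = [
    MXTarget(10, "mx1.example.", is_cname=True),
    MXTarget(10, "mx2.example.", addrs=["192.0.2.10", "2001:db8::10"]),
]
CNAME_ONLY_PRIMARY = [
    MXTarget(10, "mx1.example.", is_cname=True),
    MXTarget(20, "backup.example.", addrs=["192.0.2.20"]),
]
V6_ONLY_PRIMARY = [
    MXTarget(10, "mx1.example.", is_cname=True),
    MXTarget(10, "mx2.example.", addrs=["2001:db8::10"]),
]

if __name__ == "__main__":
    for name, rrset in [("mixed", MIXED_PRIMARY), ("cname-only", CNAME_ONLY_PRIMARY),
                        ("v6-only", V6_ONLY_PRIMARY)]:
        print(name, select_targets(rrset))
```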