[Top] [All Lists]

Re: MX lookup error handling change

2008-05-08 10:16:27

At 12:55 +0100 on 05/08/2008, Tony Finch wrote about MX lookup error handling change:

RFC 2821 says:

   If MX records are present, but none of them are usable, this situation
   MUST be reported as an error.

This implies that a partially broken RRset is not grounds for rejecting a

2821bis says:

   When a domain name associated with an MX RR is looked up and the
   associated data field obtained, the data field of that response MUST
   contain a domain-name.  That domain-name, when queried, MUST return
   at least one address record (e.g., A or AAAA RR) that gives the IP
   address of the SMTP server to which the message should be directed.
   Any other response, specifically including a value that will return a
   CNAME record when queried, lies outside the scope of this standard.

This implies that it's OK to reject partially broken MX RRsets. Some
deployed software already does this.

If there are two or more MX records at the highest priority (ie: preferred) and some point at CNAMEs and some point at A/AAAA then while the MXs are partly broken, the CNAMEs can be ignored (ie: Treated as Unreachable) and the A/AAAA records used for those addresses you have IPvX connectivity for. If none are usable then reject. OTOH, if/when the highest priority is ONLY CNAMEs (even if lower/back-up MXs are A/AAAA which you can support) do an immediate reject since the back-up MXs will never be able to deliver to the primary servers (due to their being invalidly defined as CNAMEs).

<Prev in Thread] Current Thread [Next in Thread>