On 23 May 2014, at 12:31, Tony Finch <dot(_at_)dotat(_dot_)at> wrote:
S Moonesamy <sm+ietf(_at_)elandsys(_dot_)com> wrote:
At 08:05 22-05-2014, Ned Freed wrote:
If memory servers, ancient versions of sendmail supported this and
actually rewrote such aliases.
This is a configurable option in sendmail to do the rewrite.
I was looking at this yesterday. Sendmail has a DontExpandCnames option
(off by default so it does CNAME-based rewriting by default) but as I
understand it this controls the routing of outgoing mail and does not
affect which domains Sendmail will consider to be local and which it will
accept in non-relay RCPT commands.
From memory, ‘DontExpandCnames’ simply tells Sendmail to first perform CNAME
expansion in the SMTP client. Canonicalisation of the form described in [1]
is done inside the rewrite rules, by using the results of $[ … $] expansions,
and is controlled (if using the mc files to build your configurations) with
FEATURE(`nocanonify'). Finally the list of acceptable domains is controlled
by a class and has nothing to do with client rewrites; we suppose that the
destination of CNAMEs will be listed to accept mail from obsolete Sendmail,
but it should also include every other DNS name by which the system is known
locally. Furthermore there are various hardcoded corner cases, which support
your theory that it’s obsolete, EG it still wants to canonify single-label
host names, and it leaves the DNS resolver unconfigured unless you
specifically set options (EG to suppress the dotless search).
So to summarise: I think sendmail users should all be using
FEATURE(`nocanonify’) and should have their ‘w’ class correctly listing all of
the names that they are known by, and they should have “DontExpandCnames=F”
(off), and have their resolver set up not to search.
Or you could just upgrade to Postfix. :)
The key thing about John's suggestion is that an MX MTA would accept mail
to domains for which it does not have any explicit configuration but which
have a CNAME pointing to an explicitly configured domain.
(Aside: The DontExpandCnames option has amusingly backwards documentation
which seems to date from the late 1990s: "This currently violates the
published standards, but the IETF seems to be moving toward legalizing
this.")
Exactly, that described in [1].
Cheers,
Sabahattin
[1] http://cr.yp.to/im/cname.html
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp