Stop rewriting recipient address for wildcarded MX/CNAME

21/04/2007, 10h44

Hello Genlemen,

I've got following situation. Several my sendmail servers acts like
distributed / load balancing mail hub/gateway for a several enough
large clients behind me. Some of clients has mass hosting for a few
thousands offen short lived (several months, half of year) domains. So
they wildcarded domain names, I think in order to simplify life to
themselves, as I understand to thomething similar for a few speciifc
domains:

MX 10 @
* CNAME @

And now I've problems from that. Sendmail canonify all third and more
level subdomain1.domain.tld, subdomain2.domain.tld... to canonical
domain.tld and unconditionally rewrites recipinet addreses:

address@somesubdomaon.domain.tld --> address@domain.tld

for configured in such way domain names.

Please don't comment that wildcarded MX is evil, violates RFC's and so
on. They're in their rights and made their choice. It's possible and
I'm in front of such situation and asking for any tips/triks,
suggestions, real expirience.

Is it possible to setup sendmail lawfully with m4 macros and tuning
variablrs without manual changes and a writing rules in sendmail.cf to
skip canonification or/and rewriting recipient address, leave it
untouched for such wildcarded MX/CNAME domains?

Thank you.

21/04/2007, 11h03

Varda Zklir <v20z@yahoo.com> writes:

> Hello Genlemen,
>
> I've got following situation. Several my sendmail servers acts like
> distributed / load balancing mail hub/gateway for a several enough
> large clients behind me. Some of clients has mass hosting for a few
> thousands offen short lived (several months, half of year) domains. So
> they wildcarded domain names, I think in order to simplify life to
> themselves, as I understand to thomething similar for a few speciifc
> domains:
>
> MX 10 @
> * CNAME @
>
> And now I've problems from that. Sendmail canonify all third and more
> level subdomain1.domain.tld, subdomain2.domain.tld... to canonical
> domain.tld and unconditionally rewrites recipinet addreses:
>
> address@somesubdomaon.domain.tld --> address@domain.tld
>
> for configured in such way domain names.

Remove wild card CNAME records.
You can stop *your* sendmail from rewriting nets but other sendmails on
the internet will do it anyway.

> Please don't comment that wildcarded MX is evil, violates RFC's and so
> on. They're in their rights and made their choice. It's possible and
> I'm in front of such situation and asking for any tips/triks,
> suggestions, real expirience.

Wild card MX is much lesser devil than wild card CNAME :-)

> Is it possible to setup sendmail lawfully with m4 macros and tuning
> variablrs without manual changes and a writing rules in sendmail.cf to
> skip canonification or/and rewriting recipient address, leave it
> untouched for such wildcarded MX/CNAME domains?

1) Wildcard MX - add HasWildCardMX to ResolverOptions
http://groups.google.com/group/comp....438796cafdef4a
2) Wildcard CNAME - use FEATURE(`nocanonify') at you mail server but
other servers will rewrite anyway => do not use wild card CNAME for
email domains.

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html

21/04/2007, 11h08

Varda Zklir wrote:

> Is it possible to setup sendmail lawfully with m4 macros and tuning
> variablrs without manual changes and a writing rules in sendmail.cf to
> skip canonification or/and rewriting recipient address, leave it
> untouched for such wildcarded MX/CNAME domains?

define(`confDONT_EXPAND_CNAMES'.`True')

Regards,

Kees.

--
Kees Theunissen.

21/04/2007, 11h23

In article <1177148650.026811.17410@b75g2000hsg.googlegroups. com> Varda
Zklir <v20z@yahoo.com> writes:
>
>Is it possible to setup sendmail lawfully with m4 macros and tuning
>variablrs without manual changes and a writing rules in sendmail.cf to
>skip canonification or/and rewriting recipient address, leave it
>untouched for such wildcarded MX/CNAME domains?

Sure ("lawfully" indeed:-) - from cf/README:

confDONT_EXPAND_CNAMES DontExpandCnames
[False] If set, $[ ... $] lookups that
do DNS based lookups do not expand
CNAME records. This currently violates
the published standards, but the IETF
seems to be moving toward legalizing
this. For example, if "FTP.Foo.ORG"
is a CNAME for "Cruft.Foo.ORG", then
with this option set a lookup of
"FTP" will return "FTP.Foo.ORG"; if
clear it returns "Cruft.FOO.ORG". N.B.
you may not see any effect until your
downstream neighbors stop doing CNAME
lookups as well.

The description is seriously out of date, it's OK to use CNAMEs per RFC
2822, and this should probably have the default changed to True - in
particular considering the last sentence.

Wildcard MX records do not cause the rewriting you describe, but may
cause other evil - however normally only if they are in *your* domain.

--Per Hedeland
per@hedeland.org

21/04/2007, 15h21

Varda Zklir <v20z@yahoo.com> writes in comp.mail.sendmail:

> Hello Genlemen,
>
> I've got following situation. Several my sendmail servers acts like
> distributed / load balancing mail hub/gateway for a several enough
> large clients behind me. Some of clients has mass hosting for a few
> thousands offen short lived (several months, half of year) domains. So
> they wildcarded domain names, I think in order to simplify life to
> themselves, as I understand to thomething similar for a few speciifc
> domains:
>
> MX 10 @
> * CNAME @
>
> And now I've problems from that. Sendmail canonify all third and more
> level subdomain1.domain.tld, subdomain2.domain.tld... to canonical
> domain.tld and unconditionally rewrites recipinet addreses:
>
> address@somesubdomaon.domain.tld --> address@domain.tld

You may want set "DontExpandCnames".

doc/op/op.me: ----------------------------------------------

DontExpandCnames
[no short name] The standards say that all
host addresses used in a mail message must
be fully canonical. For example, if your
host is named "Cruft.Foo.ORG" and also has
an alias of "FTP.Foo.ORG", the former name
must be used at all times. This is enforced
during host name canonification ($[ ... $]
lookups). If this option is set, the proto-
cols are ignored and the "wrong" thing is
done. However, the IETF is moving toward
changing this standard, so the behavior may
become acceptable. Please note that hosts
downstream may still rewrite the address to
be the true canonical name however.

21/04/2007, 10h44	#1
Varda Zklir Messages: n/a Hébergeur:	Stop rewriting recipient address for wildcarded MX/CNAME Hello Genlemen, I've got following situation. Several my sendmail servers acts like distributed / load balancing mail hub/gateway for a several enough large clients behind me. Some of clients has mass hosting for a few thousands offen short lived (several months, half of year) domains. So they wildcarded domain names, I think in order to simplify life to themselves, as I understand to thomething similar for a few speciifc domains: MX 10 @ * CNAME @ And now I've problems from that. Sendmail canonify all third and more level subdomain1.domain.tld, subdomain2.domain.tld... to canonical domain.tld and unconditionally rewrites recipinet addreses: address@somesubdomaon.domain.tld --> address@domain.tld for configured in such way domain names. Please don't comment that wildcarded MX is evil, violates RFC's and so on. They're in their rights and made their choice. It's possible and I'm in front of such situation and asking for any tips/triks, suggestions, real expirience. Is it possible to setup sendmail lawfully with m4 macros and tuning variablrs without manual changes and a writing rules in sendmail.cf to skip canonification or/and rewriting recipient address, leave it untouched for such wildcarded MX/CNAME domains? Thank you.

21/04/2007, 11h03	#2
Andrzej Adam Filip Messages: n/a Hébergeur:	Re: Stop rewriting recipient address for wildcarded MX/CNAME Varda Zklir <v20z@yahoo.com> writes: > Hello Genlemen, > > I've got following situation. Several my sendmail servers acts like > distributed / load balancing mail hub/gateway for a several enough > large clients behind me. Some of clients has mass hosting for a few > thousands offen short lived (several months, half of year) domains. So > they wildcarded domain names, I think in order to simplify life to > themselves, as I understand to thomething similar for a few speciifc > domains: > > MX 10 @ > * CNAME @ > > And now I've problems from that. Sendmail canonify all third and more > level subdomain1.domain.tld, subdomain2.domain.tld... to canonical > domain.tld and unconditionally rewrites recipinet addreses: > > address@somesubdomaon.domain.tld --> address@domain.tld > > for configured in such way domain names. Remove wild card CNAME records. You can stop your sendmail from rewriting nets but other sendmails on the internet will do it anyway. > Please don't comment that wildcarded MX is evil, violates RFC's and so > on. They're in their rights and made their choice. It's possible and > I'm in front of such situation and asking for any tips/triks, > suggestions, real expirience. Wild card MX is much lesser devil than wild card CNAME :-) > Is it possible to setup sendmail lawfully with m4 macros and tuning > variablrs without manual changes and a writing rules in sendmail.cf to > skip canonification or/and rewriting recipient address, leave it > untouched for such wildcarded MX/CNAME domains? 1) Wildcard MX - add HasWildCardMX to ResolverOptions http://groups.google.com/group/comp....438796cafdef4a 2) Wildcard CNAME - use FEATURE(`nocanonify') at you mail server but other servers will rewrite anyway => do not use wild card CNAME for email domains. -- [pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html

21/04/2007, 11h08	#3
Kees Theunissen Messages: n/a Hébergeur:	Re: Stop rewriting recipient address for wildcarded MX/CNAME Varda Zklir wrote: > Is it possible to setup sendmail lawfully with m4 macros and tuning > variablrs without manual changes and a writing rules in sendmail.cf to > skip canonification or/and rewriting recipient address, leave it > untouched for such wildcarded MX/CNAME domains? define(`confDONT_EXPAND_CNAMES'.`True') Regards, Kees. -- Kees Theunissen.

21/04/2007, 11h23	#4
Per Hedeland Messages: n/a Hébergeur:	Re: Stop rewriting recipient address for wildcarded MX/CNAME In article <1177148650.026811.17410@b75g2000hsg.googlegroups. com> Varda Zklir <v20z@yahoo.com> writes: > >Is it possible to setup sendmail lawfully with m4 macros and tuning >variablrs without manual changes and a writing rules in sendmail.cf to >skip canonification or/and rewriting recipient address, leave it >untouched for such wildcarded MX/CNAME domains? Sure ("lawfully" indeed:-) - from cf/README: confDONT_EXPAND_CNAMES DontExpandCnames [False] If set, $[ ... $] lookups that do DNS based lookups do not expand CNAME records. This currently violates the published standards, but the IETF seems to be moving toward legalizing this. For example, if "FTP.Foo.ORG" is a CNAME for "Cruft.Foo.ORG", then with this option set a lookup of "FTP" will return "FTP.Foo.ORG"; if clear it returns "Cruft.FOO.ORG". N.B. you may not see any effect until your downstream neighbors stop doing CNAME lookups as well. The description is seriously out of date, it's OK to use CNAMEs per RFC 2822, and this should probably have the default changed to True - in particular considering the last sentence. Wildcard MX records do not cause the rewriting you describe, but may cause other evil - however normally only if they are in your domain. --Per Hedeland per@hedeland.org

21/04/2007, 15h21	#5
Kari Hurtta Messages: n/a Hébergeur:	Re: Stop rewriting recipient address for wildcarded MX/CNAME Varda Zklir <v20z@yahoo.com> writes in comp.mail.sendmail: > Hello Genlemen, > > I've got following situation. Several my sendmail servers acts like > distributed / load balancing mail hub/gateway for a several enough > large clients behind me. Some of clients has mass hosting for a few > thousands offen short lived (several months, half of year) domains. So > they wildcarded domain names, I think in order to simplify life to > themselves, as I understand to thomething similar for a few speciifc > domains: > > MX 10 @ > * CNAME @ > > And now I've problems from that. Sendmail canonify all third and more > level subdomain1.domain.tld, subdomain2.domain.tld... to canonical > domain.tld and unconditionally rewrites recipinet addreses: > > address@somesubdomaon.domain.tld --> address@domain.tld You may want set "DontExpandCnames". doc/op/op.me: ---------------------------------------------- DontExpandCnames [no short name] The standards say that all host addresses used in a mail message must be fully canonical. For example, if your host is named "Cruft.Foo.ORG" and also has an alias of "FTP.Foo.ORG", the former name must be used at all times. This is enforced during host name canonification ($[ ... $] lookups). If this option is set, the proto- cols are ignored and the "wrong" thing is done. However, the IETF is moving toward changing this standard, so the behavior may become acceptable. Please note that hosts downstream may still rewrite the address to be the true canonical name however.

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email