[dns-operations] A problem with using DNAMEs in reverse lookups

Jeroen Massar jeroen at unfix.org
Sun Apr 3 16:41:24 UTC 2011


On 2011-Apr-03 17:12, Florian Weimer wrote:
> * Jeroen Massar:
> 
>> According to the SMTP RFCs an MX effectively becomes a single host, and
>> one should connect to first the AAAA addresses and then the A addresses
>> till you get an SMTP session. When that session says 3xx you should try
>> the next MX, not that same MX on a different address. When you get a
>> 4xx/5xx you should fail.
> 
> Which SMTP version are you talking about?

821/2821/5321 all state that, though differently formulated from how I
wrote it.

> There are significant
> differences.  IIRC, both RFC 821 and 2821 require that you try other
> mail exchangers after hitting a 5xx permanent error, so I wouldn't
> read too much into them as far as retry behavior is concerned.

The key part there is:
"require that you try other mail exchangers after hitting a"

and not "different addresses for the same MX"

5xx is fatal btw, nothing that can change as it is a final decision that
the command can never succeed. That 5xx should also be generated by the
other MXs. A 3xx/4xx can be retried though, but at another MX, not at
the same MX but at another address.

For folks using greylisting the 'try all the addresses' bit just
generates a lot of connects which should not happen, though indeed the
sender will still hit on their other MXs, but not on all the addresses
of them.

The funnier part is that postfix also has a limit on the delivery
addresses, thus if you multihome an MX with say 10 addresses (couple v4,
couple v6) the second MX might never be hit....

Greets,
 Jeroen
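The retry policy Jeroen describes, as an added example that is not code from the thread or from any MTA: a small Python model over constructed MX records and per-address outcomes, contrasting one session per MX (AAAA first, then A; 3xx/4xx moves to the next MX, 5xx is final) with retrying every address. The `MX` class, `deliver_per_mx`, `deliver_all_addresses` and the sample data are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class MX:
    name: str
    pref: int
    aaaa: list = field(default_factory=list)  # IPv6 addresses
    a: list = field(default_factory=list)     # IPv4 addresses

def _walk(mxs, outcome, next_mx_on_4xx):
    """Shared loop. outcome(addr) is None when no SMTP session could be
    established, otherwise the reply code seen once a session exists.
    Returns (result, number of connection attempts made)."""
    attempts = 0
    for mx in sorted(mxs, key=lambda m: m.pref):
        for addr in mx.aaaa + mx.a:           # AAAA before A, per the message
            attempts += 1
            code = outcome(addr)
            if code is None:                  # no session: try next address
                continue
            if 200 <= code < 300:
                return "delivered", attempts
            if code >= 500:                   # 5xx is final for this message
                return "permanent-failure", attempts
            if next_mx_on_4xx:                # 3xx/4xx: next MX, not next address
                break
    return "deferred", attempts

def deliver_per_mx(mxs, outcome):
    """Policy described in the message: one session per MX."""
    return _walk(mxs, outcome, next_mx_on_4xx=True)

def deliver_all_addresses(mxs, outcome):
    """Contrast: retry every address of an MX after a 4xx (what the
    message objects to; generates extra connects against greylisting)."""
    return _walk(mxs, outcome, next_mx_on_4xx=False)

# Constructed sample: mx1 greylists (450) on all four addresses, mx2 has
# an unreachable IPv6 address and accepts (250) on its IPv4 address.
MXS = [
    MX("mx1.example", 10, aaaa=["2001:db8::1", "2001:db8::2"],
       a=["192.0.2.1", "192.0.2.2"]),
    MX("mx2.example", 20, aaaa=["2001:db8::10"], a=["192.0.2.10"]),
]
OUTCOMES = {"2001:db8::1": 450, "2001:db8::2": 450, "192.0.2.1": 450,
            "192.0.2.2": 450, "2001:db8::10": None, "192.0.2.10": 250}

def constructed_outcome(addr):
    return OUTCOMES[addr]
```

With the sample data the per-MX policy delivers after 3 connection attempts, while retrying every address needs 6.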