Ignoring unqualified MX's ?
kcd at daimlerchrysler.com
Thu Mar 23 13:08:33 UTC 2000
torben fjerdingstad wrote:
> On Wed, Mar 22, 2000 at 06:25:59PM +0000, Barry Margolin wrote:
> > >> >>One of our customers has had a lot of mail loops because
> > >> >>a spammer has this in his return-path:
> > >> >>Return-path: info at internet.net
> > >> >>
> > >> >>The problem with that is:
> > >> >>
> > >> >>$ host -t mx internet.net
> > >> >>internet.net MX 5 localhost
> > >> >>
> > >> >>Is it possible to make bind discard that information without
> > >> >>creating a local master zone file for the bogus zone?
> > >I use qmail, the mentioned customer is using PMDF (as far I remember).
> > I'm not sure why that MX record is causing you problems, anyway. It points
> > to the name localhost in the root domain, but there is no such name. Why
> > is your mailer trying to send it to localhost.yourdomain?
> Actually, it was not my mailer. It tries to send the bounces to
> localhost., which usually is at ip 127.0.0.1.
> My mailer (qmail) does the same. And sendmail does.
> I tried to send mail to nosuchuser at internet.net from
> qmail and sendmail. Both try to deliver to localhost.
> > Your subject line refers to "unqualified" names, but the DNS protocol
> > doesn't actually have such a thing.
> You are right. localhost. is a fully qualified toplevel domain
> Anyway, I believe email addresses like tfj at dk, tfj at net and
> other toplevel email adresses are illegal.
> If that is correct, it is sane to discard MX and A records
> pointing to a toplevel domain. The well known toplevel
> domains neither have A or MX records.
DNS is just an information repository. It is the application's responsibility to
determine whether the information it receives from DNS is "good" or "bad",
depending on its particular needs. Blocking mail to top-level domain names is
something that should be relatively easy to do within any mail server's
configuration, why not do it there?
More information about the bind-users