On Sat 30/Jul/2016 14:30:18 +0200 Sam Varshavchik wrote: > Matus UHLAR - fantomas writes: >> On 29.07.16 06:48, Sam Varshavchik wrote: >>> Courier should accept postmaster@[ipaddress], where ipaddress matches >>> the connection's IP address. It won't accept any other IP address.
That means ipaddress matches the /local side/ of the connection if the mail address is a recipient, right? >> what about servers behind DNAT? > > That's obviously a problem. But this problem is due to DNAT itself. > > If a mail server accepts any IP address, delivers locally for its own IP > address, and relays everything else, DNAT will still be a problem there. A > mail > addressed to postmaster@[public ip address] which reach the server, which will > promptly attempt to relay it. Reverse lookup can be used to learn which domain's postmaster that would be, as it is always possible to configure local views of private addresses. If rDNS works, the domain name can replaced the IP address and the message delivered accordingly. If rDNS doesn't work, relay to ipaddress:25 but drop the literal domain from the recipient email address. Would that work? > If the mail server ignores the IP address, then the mail server itself cannot > be used to relay mail for postmaster@[some public ip address]. Yes, it doesn't make sense to relay and deliver at the same time. I put the question to the SMTP interest list: https://mailarchive.ietf.org/arch/msg/ietf-smtp/Afx85GoYWIRzy6vAQkzJ0hzE10s > I would also have to question whether anyone cares a lot about this legacy > SMTP > feature. It is meant as a last resort, in case there's something wrong in the DNS. An extra bit of resiliency, which would almost never be used. Ale -- ------------------------------------------------------------------------------ _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users