On Sat 30/Jul/2016 14:30:18 +0200 Sam Varshavchik wrote:
> Matus UHLAR - fantomas writes:
>> On 29.07.16 06:48, Sam Varshavchik wrote:
>>> Courier should accept postmaster@[ipaddress], where ipaddress matches
>>> the connection's IP address. It won't accept any other IP address.

That means ipaddress matches the /local side/ of the connection if the mail 
address is a recipient, right?

>> what about servers behind DNAT?
>
> That's obviously a problem. But this problem is due to DNAT itself.
>
> If a mail server accepts any IP address, delivers locally for its own IP
> address, and relays everything else, DNAT will still be a problem there. A 
> mail
> addressed to postmaster@[public ip address] which reach the server, which will
> promptly attempt to relay it.

Reverse lookup can be used to learn which domain's postmaster that would be, as 
it is always possible to configure local views of private addresses.  If rDNS 
works, the domain name can replaced the IP address and the message delivered 
accordingly.  If rDNS doesn't work, relay to ipaddress:25 but drop the literal 
domain from the recipient email address.  Would that work?

> If the mail server ignores the IP address, then the mail server itself cannot
> be used to relay mail for postmaster@[some public ip address].

Yes, it doesn't make sense to relay and deliver at the same time.  I put the 
question to the SMTP interest list:
https://mailarchive.ietf.org/arch/msg/ietf-smtp/Afx85GoYWIRzy6vAQkzJ0hzE10s

> I would also have to question whether anyone cares a lot about this legacy 
> SMTP
> feature.

It is meant as a last resort, in case there's something wrong in the DNS.  An 
extra bit of resiliency, which would almost never be used.

Ale
-- 


------------------------------------------------------------------------------
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to