Viktor Dukhovni <[email protected]> wrote:
>
> If so, perhaps I'm free to do CNAME chasing or anything at all,
> since this case lies outside the scope of the standards. Given a
> choice of failing, doing something painful like SNI, or chasing
> the CNAME, Postfix will chase the CNAME.

That would be wrong. The specification is quite clear that the query name
for the TLSA record is constructed from the target name in the SRV or MX
record. Whether the target is an alias or not is immaterial.

> I should note that with SMTP, a non-MX destination (A or AAAA only)
> is per 5321 equivalent to an implicit MX, but its base is perhaps
> the target of the CNAME (second paragraph of):
>
> https://tools.ietf.org/html/rfc5321#section-5.1
>
> The lookup first attempts to locate an MX record associated with the
> name. If a CNAME record is found, the resulting name is processed as
>       --------------------------------------------------------------
> if it were the initial name. If a non-existent domain error is
> ----------------------------
> returned, this situation MUST be reported as an error. If a
> temporary error is returned, the message MUST be queued and retried
> later (see Section 4.5.4.1). If an empty list of MXs is returned,
> the address is treated as if it was associated with an implicit MX
> RR, with a preference of 0, pointing to that host. If MX records are
> present, but none of them are usable, or the implicit MX is unusable,
> this situation MUST be reported as an error.

Oh blimey. Thanks for pointing that out.

In this situation I think the right thing would be to look for the TLSA in
the same place as when connecting to a host, as in RFC 6698 section 3.
That is, just add _25._tcp to the start of the domain.

The reason I think this is right is that in the absence of MX records you
should get the same behaviour when you specify (per Sendmail and Postfix
notation) a relay host as "[hostname]" (i.e. without MX lookups) or as
"hostname" (i.e. with MX lookups).

Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
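
The TLSA lookup-name rule argued for in the reply above, as an added Python example that is not part of the original message and is not Postfix or Sendmail code. The function names are hypothetical, the DNS answers are constructed data passed in so it runs offline, and using the name as given for the implicit-MX case is an assumption about what "the domain" means there.

```python
# Added illustration: builds TLSA query names the way the reply describes.
# No DNS is queried; the MX RRset is supplied by the caller (constructed data).

def tlsa_base(host, port=25, proto="tcp"):
    """RFC 6698 section 3 owner name: _<port>._<proto>.<host>."""
    return f"_{port}._{proto}.{host.rstrip('.').lower()}."


def tlsa_query_names(relay, mx_rrset, port=25):
    """Return TLSA query names in the order the hosts would be tried.

    relay    -- "[hostname]" (no MX lookup) or "hostname" (MX lookup),
                per the Sendmail/Postfix relay notation
    mx_rrset -- list of (preference, target) tuples for the name; [] if
                the lookup returned an empty list of MXs
    """
    if relay.startswith("[") and relay.endswith("]"):
        # Bracketed form: connect to the host directly, so the TLSA record
        # is looked up at the host name itself.
        return [tlsa_base(relay[1:-1], port)]

    if not mx_rrset:
        # RFC 5321 section 5.1: an empty MX list is treated as an implicit
        # MX with preference 0 pointing to that host. Assumption: "that
        # host" is the name as given, so _25._tcp is prefixed to it.
        mx_rrset = [(0, relay)]

    # The query name is built from the MX target exactly as published;
    # whether that target is an alias does not change the name.
    return [tlsa_base(target, port) for _, target in sorted(mx_rrset)]


if __name__ == "__main__":
    # Constructed sample inputs.
    print(tlsa_query_names("[mail.example.net]", []))
    print(tlsa_query_names("mail.example.net", []))
    print(tlsa_query_names("example.com",
                           [(20, "mx2.example.com."), (10, "mx1.example.com.")]))
```

With no MX records, the bracketed and unbracketed forms of the same host produce the same TLSA query name, which is the consistency the reply asks for.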
