Viktor Dukhovni via Postfix-users:
> On Wed, Sep 10, 2025 at 11:52:03AM +0200, Matus UHLAR - fantomas via 
> Postfix-users wrote:
> > On 08.09.25 18:37, John, Chris via Postfix-users wrote:
> > > I have a postfix 3.5.2 system that accepts messages from internal hosts
> > > and relays to internal destinations and to an email perimeter that
> > > delivers to external (Internet) domains.
> > > 
> > > The issue I'm seeing is regarding external domains that do not follow
> > > DNS best practices and have CNAME records published for the same domain
> > > that their MX records are published for.
> > 
> > > This is not about following best practices. This is clearly a violation of DNS
> 
> No, not a violation of DNS, rather such a rewrite is a violation of
> RFC2321 (and its successors: 5321, 5321bis[1]) which changed the
> semantics of CNAME-valued address domain parts from RFC821.
> 
> RFC821, Section 3.7 "Domains" reads in part:
> 
>     Whenever domain names are used in SMTP only the official names are
>     used, the use of nicknames or aliases is not allowed.
> 
> Whereas RFC2821, Section 3.6 "Domains" reads in part:
> 
>     https://www.rfc-editor.org/rfc/rfc2821#section-3.6
> 
>     Only resolvable, fully-qualified, domain names (FQDNs) are permitted
>     when domain names are used in SMTP.  In other words, names that can
>     be resolved to MX RRs or A RRs (as discussed in section 5) are
>     permitted, as are CNAME RRs whose targets can be resolved, in turn,
>     to MX or A RRs.  Local nicknames or unqualified names MUST NOT be
>     used.
> 
> The distinction being that <localpart@alias.example> was therefore permitted.
> 
> Sufficiently ancient Sendmail configurations defaulted to "canonifying"
> the recipient domain.  I had a vague recollection the syntax was
> something like $[ ... ].  Which was almost correct, a quick search turns
> up:
> 
>     https://www.sendmail.org/~ca/email/doc8.12/cf/m4/features.html
> 
>     nocanonify  Don't pass addresses to $[ ... $] for canonification by
>                 default, i.e., host/domain names are considered canonical,
>                 except for unqualified names, which must not be used in this
>                 mode (violation of the standard).
> 
> A properly configured Sendmail system should not "canonify", but it
> seems that some still do.

Postfix 1.1 is the last version that 'unaliases' an SMTP envelope
address.  The smtp_unalias_addr() function still exists in later
Postfix versions, but it is no longer used.

        Wietse