Mailing List Archive

Re: Exim hates CNAMEs, not IPv6
It appears that Jeremy Harris via Exim-users <jgh@wizmail.org> said:
>On 11/29/23 15:51, John Levine via Exim-users wrote:
>> Strange but true, sending mail to this list via IPv6 does not work:
>>
>> 2023-11-29 10:35:50.715699500 new msg 271522
>> 2023-11-29 10:35:50.715750500 info msg 271522: bytes 2558 from <johnl@taugh.com> qp 83701 uid 82
>> 2023-11-29 10:35:50.726425500 starting delivery 466243: msg 271522 to remote exim-users@lists.exim.org
>> 2023-11-29 10:35:56.348847500 delivery 466243: failure: 2a03:4000:0006:b381:0000:0000:0000:0002_does_not_like_recipient./Remote_host_said:_550_unknown_user/Giving_up_on_2a03:4000:0006:b381:0000:0000:0000:0002./STARTTLS_proto=TLSv1.3;_cipher=TLS_AES_256_GCM_SHA384;_subject=/CN=cumin.exim.org;_issuer=/C=US/O=Let's_Encrypt/CN=R3;/
>> 2023-11-29 10:35:56.376048500 end msg 271522
>
>Our log says that message was aimed at exim-users@cumin.exim.org

Oh, I see the problem. lists.exim.org is a CNAME for cumin.exim.org,
and qmail is standard compliant per RFC 1123:

5.2.2 Canonicalization: RFC-821 Section 3.1

The domain names that a Sender-SMTP sends in MAIL and RCPT
commands MUST have been "canonicalized," i.e., they must be
fully-qualified principal names or domain literals, not
nicknames or domain abbreviations. A canonicalized name either
identifies a host directly or is an MX name; it cannot be a
CNAME.

When I put in an explicit route it uses that rather than resolving the CNAME,
unrelated to IPv6.

It's poor form to use a CNAME as a mail domain, and worse form not to
do what the standard says, but I suppose that horse left the barn a
long time ago.

R's,
John

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim hates CNAMEs, not IPv6
On 2023-12-01 John R Levine via Exim-users <exim-users@lists.exim.org> wrote:
> It appears that Jeremy Harris via Exim-users <jgh@wizmail.org> said:
[...]
> > Our log says that message was aimed at exim-users@cumin.exim.org

> Oh, I see the problem. lists.exim.org is a CNAME for cumin.exim.org,
> and qmail is standard compliant per RFC 1123:

> 5.2.2 Canonicalization: RFC-821 Section 3.1

> The domain names that a Sender-SMTP sends in MAIL and RCPT
> commands MUST have been "canonicalized," i.e., they must be
> fully-qualified principal names or domain literals, not
> nicknames or domain abbreviations. A canonicalized name either
> identifies a host directly or is an MX name; it cannot be a
> CNAME.

> When I put in an explicit route it uses that rather than resolving the CNAME,
> unrelated to IPv6.

> It's poor form to use a CNAME as a mail domain, and worse form not to
> do what the standard says, but I suppose that horse left the barn a
> long time ago.

Hello,

Afaict this part of rfc1123 has been superseded by RFC 2821 [1] anno 2001
which explicitly allows CNAMES.

cu Andreas

[1] since superseded by rfc 5321

Re: Exim hates CNAMEs, not IPv6
On Fri, Dec 01, 2023 at 12:09:44AM -0500, John R Levine via Exim-users wrote:

> Oh, I see the problem. lists.exim.org is a CNAME for cumin.exim.org,
> and qmail is standard compliant per RFC 1123:
>
> 5.2.2 Canonicalization: RFC-821 Section 3.1
>
> The domain names that a Sender-SMTP sends in MAIL and RCPT
> commands MUST have been "canonicalized," i.e., they must be
> fully-qualified principal names or domain literals, not
> nicknames or domain abbreviations. A canonicalized name either
> identifies a host directly or is an MX name; it cannot be a
> CNAME.
>

That text is obsolete. There is no such text in RFC5321, and
CNAME-valued mail domains have long been OK. The sending MTA (its DNS
resolver) is expected to restart the MX lookup at the target of the
CNAME, and if no MX records are found, use the final A/AAAA records.

Envelope addresses are not affected by the CNAME recipient domain,
and must not be "canonicalised".

https://www.rfc-editor.org/rfc/rfc5321#section-2.3.5

Only resolvable, fully-qualified domain names (FQDNs) are permitted
when domain names are used in SMTP. In other words, names that can
be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
in Section 5) are permitted, as are CNAME RRs whose targets can be
resolved, in turn, to MX or address RRs. Local nicknames or
unqualified names MUST NOT be used. There are two exceptions to the
rule requiring FQDNs:

https://www.rfc-editor.org/rfc/rfc5321#section-5.1

The lookup first attempts to locate an MX record associated with the
name. If a CNAME record is found, the resulting name is processed as
if it were the initial name. If a non-existent domain error is
returned, this situation MUST be reported as an error. If a
temporary error is returned, the message MUST be queued and retried
later (see Section 4.5.4.1). If an empty list of MXs is returned,
the address is treated as if it was associated with an implicit MX
RR, with a preference of 0, pointing to that host. If MX records are
present, but none of them are usable, or the implicit MX is unusable,
this situation MUST be reported as an error.

If "qname" has problems with recipient domains that are aliases, the
problem is with qmail.

--
Viktor.
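
As an added illustration (not code from this thread, qmail or Exim), the RFC 5321 section 5.1 lookup quoted above can be sketched over a constructed in-memory zone that mirrors the list-domain-is-a-CNAME case. The example.org/example.net names, the addresses, the `max_cname` limit and all function names are assumptions, and temporary DNS failures (queue and retry) are not modelled.

```python
# Constructed zone data (not real DNS): name -> {rrtype: [values]}
ZONE = {
    "lists.example.org": {"CNAME": ["cumin.example.org"]},
    "cumin.example.org": {"AAAA": ["2001:db8::2"]},  # no MX: implicit MX applies
    "mail.example.net": {"MX": [(10, "mx1.example.net"), (20, "mx2.example.net")]},
    "mx1.example.net": {"A": ["192.0.2.10"]},
    "mx2.example.net": {"A": ["192.0.2.20"]},
    "loop-a.example.org": {"CNAME": ["loop-b.example.org"]},
    "loop-b.example.org": {"CNAME": ["loop-a.example.org"]},
}


class PermanentError(Exception):
    """Conditions section 5.1 says MUST be reported as an error (a bounce)."""


def resolve_mail_hosts(domain, zone=ZONE, max_cname=8):
    """Return [(preference, host)] for a recipient domain per RFC 5321 5.1."""
    name = domain.lower().rstrip(".")
    for _ in range(max_cname + 1):
        rrs = zone.get(name)
        if rrs is None:
            raise PermanentError(f"NXDOMAIN: {name}")
        if "CNAME" in rrs:
            # Process the CNAME target as if it were the initial name.
            name = rrs["CNAME"][0].lower().rstrip(".")
            continue
        if rrs.get("MX"):
            return sorted(rrs["MX"])  # lowest preference first
        if "A" in rrs or "AAAA" in rrs:
            return [(0, name)]  # implicit MX with preference 0
        raise PermanentError(f"no MX or address records: {name}")
    # Assumed defensive cap so an alias loop cannot stall delivery.
    raise PermanentError(f"CNAME chain too long or looping: {domain}")


def plan_delivery(recipient, zone=ZONE):
    """Choose hosts to contact; RCPT TO keeps the address exactly as given."""
    _, _, domain = recipient.rpartition("@")
    hosts = resolve_mail_hosts(domain, zone)
    return {"rcpt_to": f"<{recipient}>", "hosts": [h for _, h in hosts]}
```

The CNAME only changes which host is contacted; the envelope recipient is sent unrewritten, which is the difference between this behaviour and the RFC 1123 canonicalisation quoted earlier in the thread.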

Re: Exim hates CNAMEs, not IPv6
It appears that Viktor Dukhovni via Exim-users <exim-users@dukhovni.org> said:
>That text is obsolete. There is no such text in RFC5321, and
>CNAME-valued mail domains have long been OK. The sending MTA (its DNS
>resolver) is expected to restart the MX lookup at the target of the
>CNAME, and if no MX records are found, use the final A/AAAA records.

Huh, you're right. In my minor defense, the CNAME code was written in
1998, RFC 2821 was published in 2001, and as far as I can tell this is
the first time in 20 years that I've sent to a CNAME'd domain that
caused a problem. I'll go patch the code.

Just wondering, I'm pretty sure I sent mail to this list in the past.
Is the CNAME new?

R's,
John

Re: Exim hates CNAMEs, not IPv6
On 12/1/23 16:50, John Levine via Exim-users wrote:
> Just wondering, I'm pretty sure I sent mail to this list in the past.
> Is the CNAME new?

It probably appeared when some systems were reshuffled, earlier this year.
--
Cheers,
Jeremy


Re: Exim hates CNAMEs, not IPv6
On Fri, 1 Dec 2023, John Levine via Exim-users wrote:

> It appears that Viktor Dukhovni via Exim-users <exim-users@dukhovni.org> said:
>> That text is obsolete. There is no such text in RFC5321, and
>> CNAME-valued mail domains have long been OK. The sending MTA (its DNS
>> resolver) is expected to restart the MX lookup at the target of the
>> CNAME, and if no MX records are found, use the final A/AAAA records.
>
> Huh, you're right. In my minor defense, the CNAME code was written in
> 1998, RFC 2821 was published in 2001, and as far as I can tell this is
> the first time in 20 years that I've sent to a CNAME'd domain that
> caused a problem. I'll go patch the code.
>
> Just wondering, I'm pretty sure I sent mail to this list in the past.
> Is the CNAME new?

I have mail from you to this list in 2021 and the exim-dev list in 2022.
The headers suggest that exim.org was served by hummus.csx.cam.ac.uk
at that time, so may well not have used a CNAME.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

Re: Exim hates CNAMEs, not IPv6
Quoting John Levine via Exim-users (exim-users@lists.exim.org):

> >That text is obsolete. There is no such text in RFC5321, and
> >CNAME-valued mail domains have long been OK. The sending MTA (its DNS
> >resolver) is expected to restart the MX lookup at the target of the
> >CNAME, and if no MX records are found, use the final A/AAAA records.
>
> Huh, you're right. In my minor defense, the CNAME code was written in
> 1998, RFC 2821 was published in 2001, and as far as I can tell this is
> the first time in 20 years that I've sent to a CNAME'd domain that
> caused a problem. I'll go patch the code.

Exim has the same CNAME "bug" left over from those times.
https://bugs.exim.org/show_bug.cgi?id=1383

Though it works in different mysterious ways routing bounces back as can
be seen in the examples in that bug report. ;)

--
| 't Gaat om 't spel, niet om de knikkers!
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2
