Jaime Kikpole wrote:
On Mon, Jul 13, 2009 at 1:47 PM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:
Don't use a CNAME in a mail address.

Why not?  After all, how would you handle vhosts if you can't send as
the CNAME record?


Sendmail often rewrites these. Postfix typically leaves CNAME domains
alone. The OP should avoid these, but otherwise, should find out *where*
along the delivery path the CNAME is replaced with the underlying name.

I'm the OP.  Based on the data I have, I believe that what goes into
postfix uses the CNAME but what comes out is using the A record.  I do
have a little doubt, though, as the /var/log/maillog file shows
"w...@atlas.cairodurham.org" connecting to postfix.

If I "grep cairo main.cf*" and "grep atlas main.cf*", I don't see
anything that should be rewriting this.

I just tried a test with "telnet localhost 25" to be sure about this.
That test appears to have worked out the way that I want.  IOW, that
it came from local_u...@cns.cairodurham.org.  This gave me some
doubts.  However, when I change DNS so that both atlas.cairodurham.org
and cns.cairodurham.org are A records (and the reverse DNS points to
atlas) and try to send email from Request Tracker again, I find that
it works the way that I want.

So it's caused by some combination of factors which includes the CNAME
and Request Tracker.  (Remember, using telnet to manually build and
send a message sent it as cns.cairodurham.org before the DNS changed.)

Any reason I shouldn't leave the DNS like this?

Also, that question about virtual hosting of several email domains was
not rhetorical.  How is a sysadmin supposed to configure their DNS for
such a thing?

Thanks,
Jaime


The easy fix is "don't use a CNAME in a mail address".

In the distant past it was a requirement to canonicalize a CNAME in addresses. If I remember right, postfix dropped this behavior around version 2.0. Although it's no longer a requirement, some software continues to do this or old software may be in the path. For general mail sent over the internet, avoid using CNAME because you can't control when or if it will get rewritten.

The hard fix is to track a message from creation and submission to transmission to delivery and find what software is changing the name and fix it.

Since you've already successfully tested with telnet directly to postfix, it would seem the problem is with creation or submission.

  -- Noel Jones
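
One way to start the tracking described above, as an added example that is not part of the original thread: a small Python parser for Postfix syslog lines that groups entries by queue ID, records whether each message entered through pickup (the local sendmail command) or smtpd (SMTP), and lists the envelope sender logged at each stage. The log lines and the example.org host names are constructed for illustration and are not taken from the poster's system.

```python
import re
from collections import OrderedDict

# Constructed sample lines in standard Postfix syslog format (not from the thread).
SAMPLE_LOG = """\
Jul 13 14:02:11 mx postfix/pickup[2101]: 4F2A91C0: uid=48 from=<www>
Jul 13 14:02:11 mx postfix/cleanup[2110]: 4F2A91C0: message-id=<rt-1@alias.example.org>
Jul 13 14:02:11 mx postfix/qmgr[1987]: 4F2A91C0: from=<www@host.example.org>, size=612, nrcpt=1 (queue active)
Jul 13 14:05:40 mx postfix/smtpd[2150]: 7B3C42D1: client=localhost[127.0.0.1]
Jul 13 14:05:52 mx postfix/cleanup[2110]: 7B3C42D1: message-id=<t-2@alias.example.org>
Jul 13 14:05:52 mx postfix/qmgr[1987]: 7B3C42D1: from=<user@alias.example.org>, size=420, nrcpt=1 (queue active)
Jul 13 14:05:53 mx postfix/smtp[2160]: 7B3C42D1: to=<a@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=1, status=sent (250 ok)
"""

# "postfix/<service>[pid]: <QUEUEID>: <rest>"; lines without a queue ID are skipped.
LINE = re.compile(r"postfix/(?P<svc>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
FROM = re.compile(r"\bfrom=<([^>]*)>")

def trace(log_text):
    """Return {queue_id: {"entry": service, "senders": [(service, addr), ...]}}."""
    msgs = OrderedDict()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec = msgs.setdefault(m["qid"], {"entry": None, "senders": []})
        if rec["entry"] is None and m["svc"] in ("pickup", "smtpd"):
            rec["entry"] = m["svc"]  # pickup = local sendmail command, smtpd = SMTP
        f = FROM.search(m["rest"])
        if f:
            rec["senders"].append((m["svc"], f.group(1)))
    return msgs

def sender_changes(log_text):
    """Queue IDs whose logged sender differs between two stages of the same message."""
    out = {}
    for qid, rec in trace(log_text).items():
        addrs = [addr for _, addr in rec["senders"]]
        if len(set(addrs)) > 1:
            out[qid] = (rec["entry"], addrs)
    return out

if __name__ == "__main__":
    for qid, (entry, addrs) in sender_changes(SAMPLE_LOG).items():
        print(f"{qid}: entered via {entry}; sender seen as {' -> '.join(addrs)}")
```

Run against a real maillog by passing the file contents to sender_changes(); a message that shows up here changed its envelope sender inside Postfix, while one that arrives with the unwanted name already in place was rewritten by the submitting software.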
