On 11/07/2011 15:21, Reindl Harald wrote:
Am 11.07.2011 16:12, schrieb Mark Goodge:
On 11/07/2011 15:02, Бак Микаел wrote:
Easy!
Fix the software that your trusted users use to add their domain. Make
THAT software check that the domain's MX record points to the right
place BEFORE you actually add it to the database.
That's not actually helpful, because if you want to avoid any interruption to
mail
delivery you have to add the domain to the new destination server before you
alter
the MX to point it there
for NEW domains this is no problem and for existing domains
it MUST NOT happen that some idiot can add any domain to
a mail-system
Well, it's generally OK to add any domains to a recipient mail server,
provided there is no prospect of mail ever actually reaching that server
other than by MX. That is, inbound mail is hosted on a box which is
never used for outbound mail. So long as that's the case, it doesn't
matter if arbitrary domains are added to the system as there will never
be any mail reaching those domains on that server. That's not an
uncommon situation with many hosting suppliers, where you can add a
domain to the hosting system without any prior checks and then re-point
your MX there afterwards. I've just checked, and it's possible on my
main external host, even though I don't actually use it for mail. Heck,
it's even possible to fool Google Apps into accepting mail for some
domains that you don't control - but, of course, Google takes care to
ensure that it never breaks anything for anyone else if you do.
Speaking with my corporate network administrator hat on, I would
absolutely expect to be able to do this if I was considering using some
third-party mail service. That is, I will want to see my domains added
to the supplier's system and correctly handling inbound mail (tested by
means of telnet to port 25 and manually injecting a sample mail) before
I will update the MX records and allow mail to flow normally through the
server. A mail hosting supplier who won't permit that won't get my business.
If you're running a mail service for other people, then you have to
accept that you will, on occasions, find your servers configured to
accept mail that they aren't an MX destination for - not just in the
course of new domains transitioning in, but also because existing
domains will be transitioned away and people will forget to remove them
from the configs. So the solution is not to try prevent that happening
(because you can't), it's to ensure that it doesn't matter if it does.
(Obviously, from an administrative perspective, you want to minimise the
number of domains on your system that you're not actually the MX
destination for, and there are several good ways of going about that.
But minimising isn't the same as preventing, so you can't design a
system around the assumption that you will only ever be configured to
accept mail for which you are the MX destination).
The problem described by the OP is caused by a situation where non-MX
mail (eg, outbound mail from his organisation) shares a server which
handles mail for arbitrary domains added by end-users. That will result
in the outcome he described, where outbound mail is (correctly) routed
by the domain entry to the destination mailbox or forwarding address on
the server. Apart from causing that particular problem, though, that's
also bad because it breaks one of the fundamental rules of service
provision: Keep your customers' data entirely separate to your own. And,
as plenty of people have said in the course of this thread, the solution
isn't to try and make Postfix deal with it, the solution is to use
Postfix as part of a properly designed mail architecture.
Mark
--
Sent from my Babbage Difference Engine
http://mark.goodge.co.uk
http://www.ratemysupermarket.com
