Slightly OT - MX RR Sanity Check requested...

Barry Margolin barmar at alum.mit.edu
Fri Mar 30 05:08:56 UTC 2007


In article <eufb0g$r12$1 at sf1.isc.org>,
 Kevin Darcy <kcd at daimlerchrysler.com> wrote:

> Barry Margolin wrote:
> > In article <euf4o6$98o$1 at sf1.isc.org>,
> >  Mark Andrews <Mark_Andrews at isc.org> wrote:
> >
> >   
> >>> You mean "their" configuration is broken?  The sending mail server is NOT 
> >>> ours.  We're on the receiving end.  
> >>>       
> >> 	No.  Your configuration is broken.  The lowest preference
> >> 	MXs MUST always be reachable.  You cannot depend upon
> >> 	fallback to higher preference MXs.  The sending side is not
> >> 	required to try them.  It is required to try all the lowest
> >> 	preference MXs.
> >>     
> >
> > RFC 2821 seems to contradict you:
> >
> >    When the lookup succeeds, the mapping can result in a list of
> >    alternative delivery addresses rather than a single address, because
> >    of multiple MX records, multihoming, or both.  To provide reliable
> >    mail transmission, the SMTP client MUST be able to try (and retry)
> >    each of the relevant addresses in this list in order, until a
> >    delivery attempt succeeds.  However, there MAY also be a configurable
> >    limit on the number of alternate addresses that can be tried.  In any
> >    case, the SMTP client SHOULD try at least two addresses.
> >   
> The MUST of the "be able to try" is effectively overridden by the MAY of 
> the "configurable limit" (since there's nothing to prohibit a configured 
> limit of 0). Which leaves only the SHOULD, which doesn't create a 
> mandate. An implementation can try only a single address and still be 
> compliant (minimally) with this text. Blame the RFC authors.

I interpret that SHOULD as applying to the administrator, not the 
implementation.  The implementation MUST be able to try all of them, but 
it MAY also provide a configuration parameter that limits this.  And 
when making use of this parameter, the administrator SHOULD NOT set it 
lower than 2.

So the only clients that should cause problems for the OP are sites 
where the administrator has deliberately chosen to cripple their server 
by setting the maximum number of addresses to try to 1.  I expect that 
these are extremely rare.

But if there are implementations that only use the lowest-numbered MX 
record, and don't allow the administrator to configure this, they are 
violating the MUST requirement.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
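
The disagreement in this thread comes down to how a sending client's address limit interacts with an unreachable lowest-preference MX. The sketch below is an added example, not part of the original post or of any mail server's code. The host names, the reachability set and the `max_addresses` parameter are constructed for illustration, and each MX is treated as a single address.

```python
from typing import Iterable, List, NamedTuple, Optional, Set


class MX(NamedTuple):
    preference: int
    host: str


def delivery_order(records: Iterable[MX]) -> List[MX]:
    # Lowest preference value is tried first; the stable sort keeps
    # this example deterministic for equal preferences.
    return sorted(records, key=lambda r: r.preference)


def attempt_delivery(records: Iterable[MX], reachable: Set[str],
                     max_addresses: Optional[int] = None) -> Optional[str]:
    """Simulate a sender: return the host that accepted the mail, or None.

    max_addresses models the 'configurable limit on the number of
    alternate addresses' quoted from RFC 2821; None means no limit.
    """
    candidates = delivery_order(records)
    if max_addresses is not None:
        candidates = candidates[:max_addresses]
    for mx in candidates:
        if mx.host in reachable:
            return mx.host
    return None


def unreachable_primaries(records: Iterable[MX], reachable: Set[str]) -> List[str]:
    """Receiving-side audit: lowest-preference MX hosts that are down."""
    records = list(records)
    if not records:
        return []
    lowest = min(r.preference for r in records)
    return [r.host for r in records
            if r.preference == lowest and r.host not in reachable]


# Constructed sample data: the lowest-preference MX is unreachable.
SAMPLE_MX = [MX(20, "mx2.example.test"), MX(10, "mx1.example.test"),
             MX(30, "mx3.example.test")]
SAMPLE_REACHABLE = {"mx2.example.test", "mx3.example.test"}

if __name__ == "__main__":
    for limit in (None, 2, 1):
        print(limit, attempt_delivery(SAMPLE_MX, SAMPLE_REACHABLE, limit))
    print("down primaries:", unreachable_primaries(SAMPLE_MX, SAMPLE_REACHABLE))
```

With this data, a sender limited to one address never reaches a working server, while a limit of two or no limit falls through to the second MX.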