SMTP, use CNAME or real name as server address

cname-record, email, smtp

Problem description:

I'm managing a corporate email server for nlscan.com serving xxx@nlscan.com. However, for historical reasons, we still support xxx@mail.nlscan.com. That is, foo@nlscan.com and foo@mail.nlscan.com refer to exactly the same mailbox and mail account. We recently found that some alien domain like @corp.url.com.tw fails to send email to us; our SMTP log shows that @corp.url.com.tw's SMTP server issues the SMTP command

RCPT TO:<xxx@nlsgate.nlscan.com>

We do not recognize nlsgate.nlscan.com as a recipient address, so it fails. We just allow 'RCPT TO:<xxx@mail.nlscan.com>'.

Where does that @nlsgate.nlscan.com come from? In fact, on our DNS, mail.nlscan.com is defined to be a CNAME of nlsgate.nlscan.com.

If sending from Gmail or Hotmail, we see the correct

RCPT TO:<xxx@mail.nlscan.com>

So, I'd like to ask, is the behavior of corp.url.com.tw's SMTP server RFC compliant? If it is compliant, we have to make mail.nlscan.com an A record instead of a CNAME record, right? And please tell me which RFC it is.

Best Answer

I don't know that it's causing the underlying problem, but to answer your specific question, no, an MX record must not be a CNAME. According to RFC2181 s10.3,

The domain name used as the value of a NS resource record, or part of the value of a MX resource record, must not be an alias. Not only is the specification clear on this point, but using an alias in either of these positions neither works as well as might be hoped, nor well fulfills the ambition that may have led to this approach. This domain name must have as its value one or more address records. Currently those will be A records, however in the future other record types giving addressing information may be acceptable. It can also have other RRs, but never a CNAME RR.

In practice, it often works, but if you're experiencing issues then the very first thing is to get yourself RFC-compliant, then investigate issues that continue past that.
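An added example, not part of the original question or answer: a small offline Python audit of the two conditions discussed on this page, an MX target that is a CNAME (RFC 2181 s10.3) and a recipient domain that is itself an alias, which reproduces the rewritten RCPT TO from the question. The function names, the MX record and the 192.0.2.25 address are assumptions made for illustration; the page only states that mail.nlscan.com is a CNAME of nlsgate.nlscan.com.

```python
# Constructed records modelled on the question. The MX line and the address
# are assumptions; the page only states the mail -> nlsgate CNAME.
ZONE = {
    ("nlscan.com", "MX"): [(10, "mail.nlscan.com")],
    ("mail.nlscan.com", "CNAME"): ["nlsgate.nlscan.com"],
    ("nlsgate.nlscan.com", "A"): ["192.0.2.25"],
}

def canonical_name(zone, name, max_hops=8):
    """Follow CNAMEs to the canonical name; fail on loops or long chains."""
    seen = set()
    name = name.lower().rstrip(".")
    while (name, "CNAME") in zone:
        if name in seen or len(seen) >= max_hops:
            raise ValueError(f"CNAME loop or chain too long at {name}")
        seen.add(name)
        name = zone[(name, "CNAME")][0].lower().rstrip(".")
    return name

def rewritten_rcpt(zone, address):
    """Recipient that a CNAME-following sender would put in RCPT TO."""
    local, _, domain = address.rpartition("@")
    return f"{local}@{canonical_name(zone, domain)}"

def audit_mail_domain(zone, domain):
    """Return a list of findings for one recipient domain."""
    findings = []
    domain = domain.lower().rstrip(".")
    if (domain, "CNAME") in zone:
        findings.append(f"{domain} is an alias of {canonical_name(zone, domain)}")
    for _pref, exchange in zone.get((domain, "MX"), []):
        exchange = exchange.lower().rstrip(".")
        if (exchange, "CNAME") in zone:
            findings.append(f"MX {exchange} is a CNAME (RFC 2181 s10.3)")
        elif not any((exchange, t) in zone for t in ("A", "AAAA")):
            findings.append(f"MX {exchange} has no address record")
    return findings

# Corrected zone: the alias is replaced by an address record.
FIXED = {k: v for k, v in ZONE.items() if k[1] != "CNAME"}
FIXED[("mail.nlscan.com", "A")] = ["192.0.2.25"]
```

To run the same checks against live data, the `ZONE` dictionary would be filled from real lookups instead of the constructed records.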