
Mail to wildcard MX records doesn't work from Yahoo Mail, but fine from other addresses


Bob Eastbrook

Apr 13, 2010, 3:16:47 AM
I use wildcard MX records for mail, and a wildcard CNAME for web
traffic. For example:

*.example.com = MX record for mail.example.com
*.example.com = CNAME myapp.appspot.com

Email to b...@foo.example.com gets delivered to mail.example.com, and
web traffic to http://foo.example.com goes to myapp.appspot.com. I
use instructions from Wietse from a post I made on Dec 31, 2009:
http://www.pubbs.net/200912/postfix/75444-virtual-domains-for-wildcard-mx-records.html.

This works for all mailers I've found except for Yahoo Mail. Mail
sent from Yahoo is rejected with:

<b...@foo.example.com>:
[ip.number.of.mailserver] does not like recipient.
Remote host said: 554 5.7.1 <b...@myapp.appspot.com>: Relay access denied
Giving up on [ip.number.of.mailserver].

At first glance, it appears that Yahoo Mail ignores the wildcard MX
record and tries delivering to the CNAME. This is puzzling because my
mail server also handles *.example.org in the same fashion as
*.example.com, and example.org addresses work fine from Yahoo. Note
that my mailserver is mail.example.com, not mail.example.org.

Here's what I have for mydestination:

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

I run postfix 2.3.3 on CentOS 5.4.

Any ideas?

Bob

Simon Waters

Apr 13, 2010, 4:01:39 AM
On Tuesday 13 April 2010 08:16:47 Bob Eastbrook wrote:
>

Your post appears mangled beyond hope of direct assistance.

> Remote host said: 554 5.7.1 <b...@myapp.appspot.com>: Relay access denied

This implies that your server rejected it. So where is the log from your
server?

The DNS config you give appears to be a case "CNAME and other" which is a
violation of RFC1034. So fix your DNS and see if things work correctly.

Simon

Bob Eastbrook

Apr 13, 2010, 5:16:49 AM
On Tue, Apr 13, 2010 at 1:01 AM, Simon Waters <sim...@zynet.net> wrote:
>
> Your post appears mangled beyond hope of direct assistance.


Are you saying that the message was improperly formatted?


>> Remote host said: 554 5.7.1 <b...@myapp.appspot.com>: Relay access denied
>
> This implies that your server rejected it. So where is the log from your
> server?


NOQUEUE: reject: RCPT from
web81307.mail.mud.yahoo.com[68.142.199.123]: 554 5.7.1
<b...@myapp.appspot.com>: Relay access denied;
from=<a-yaho...@yahoo.com> to=<b...@myapp.appspot.com> proto=SMTP
helo=<web81307.mail.mud.yahoo.com>


> The DNS config you give appears to be a case "CNAME and other" which is a
> violation of RFC1034. So fix your DNS and see if things work correctly.

Thanks for the pointer. I'll have to read up on this. I remain
puzzled as to why the exact same DNS settings for example.org work
just fine on mail.example.com. I suspect that if I had
mail.example.org, then the server wouldn't work with Yahoo Mail
addressed to b...@foo.example.org but would work with
b...@foo.example.com.

Bob

Simon Waters

Apr 13, 2010, 6:09:14 AM
On Tuesday 13 April 2010 10:16:49 Bob Eastbrook wrote:
> On Tue, Apr 13, 2010 at 1:01 AM, Simon Waters <sim...@zynet.net> wrote:
> > Your post appears mangled beyond hope of direct assistance.
>
> Are you saying that the message was improperly formatted?

No I'm saying I don't think you aren't administering "example.com"
or "example.org".

I've exchanged email with the person who used to administer them now and then, and
he doesn't need my help with DNS configuration issues - well not very
often ;)

But generally best not to obfuscate here, especially on issues relating to
DNS.

Tom Hendrikx

Apr 13, 2010, 6:21:54 AM
Bob Eastbrook wrote:

> NOQUEUE: reject: RCPT from
> web81307.mail.mud.yahoo.com[68.142.199.123]: 554 5.7.1
> <b...@myapp.appspot.com>: Relay access denied;
> from=<a-yaho...@yahoo.com> to=<b...@myapp.appspot.com> proto=SMTP
> helo=<web81307.mail.mud.yahoo.com>
>

This says that the yahoo user tries to send mail addressed to
b...@myapp.appspot.com, not to b...@example.org.

Your mail server is not configured to accept mail for that domain (but
DNS records point to it), so either:
- do not send mail to *@myapp.appspot.com
- add myapp.appspot.com to $mydestination

Regards,
Tom

Noel Jones

Apr 13, 2010, 11:44:44 AM
On 4/13/2010 2:16 AM, Bob Eastbrook wrote:
> I use wildcard MX records for mail, and a wildcard CNAME for web
> traffic. For example:
>
> *.example.com = MX record for mail.example.com
> *.example.com = CNAME myapp.appspot.com

MX records must not point to a CNAME.

>
> Email to b...@foo.example.com gets delivered to mail.example.com, and
> web traffic to http://foo.example.com goes to myapp.appspot.com. I
> use instructions from Wietse from a post I made on Dec 31, 2009:
> http://www.pubbs.net/200912/postfix/75444-virtual-domains-for-wildcard-mx-records.html.
>
> This works for all mailers I've found except for Yahoo Mail. Mail
> sent from Yahoo is rejected with:
>
> <b...@foo.example.com>:
> [ip.number.of.mailserver] does not like recipient.

> Remote host said: 554 5.7.1<b...@myapp.appspot.com>: Relay access denied


> Giving up on [ip.number.of.mailserver].

Original RFC822 said that mail to a CNAME should be rewritten
to the canonical name. Later RFCs relaxed that, but some
mailers still behave that way.

Don't use a CNAME for email. That will fix the problem.

-- Noel Jones

Victor Duchovni

Apr 13, 2010, 11:58:49 AM
On Tue, Apr 13, 2010 at 12:16:47AM -0700, Bob Eastbrook wrote:

> I use wildcard MX records for mail, and a wildcard CNAME for web
> traffic. For example:
>
> *.example.com = MX record for mail.example.com
> *.example.com = CNAME myapp.appspot.com

This is invalid. No DNS domain can resolve to a CNAME and to other data.
A CNAME is a pointer to data held elsewhere, and makes the domain in
question unable to hold any other record type.

Any decent DNS configuration validation tool should pick this up. The
correct solution is:

*.example.com. IN CNAME myapp.appspot.com.
myapp.appspot.com. IN MX 0 mail.example.com.

If you don't control the DNS for myapp.appspot.com, you are out of luck!

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.
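
The kind of zone check mentioned in the message above, as an added example that is not part of the original thread or any poster's tooling. The function names and the sample zone are constructed for illustration; the check also goes one step beyond the wildcard case and flags an MX whose target is itself an alias, the point raised by Noel Jones.

```python
from collections import defaultdict

# Constructed sample zone (not the poster's real DNS): the layout from the
# original post, plus one MX that points at an alias.
SAMPLE_ZONE = """\
*.example.com.        IN MX    10 mail.example.com.
*.example.com.        IN CNAME myapp.appspot.com.
mail.example.com.     IN A     192.0.2.25
lists.example.com.    IN MX    10 mx-alias.example.com.
mx-alias.example.com. IN CNAME mail.example.com.
"""

def parse_zone(text):
    """Parse 'owner [ttl] [IN] type rdata...' lines into (owner, type, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        fields = line.split()
        if len(fields) < 2:
            continue
        owner, rest = fields[0].lower(), fields[1:]
        # Skip the optional TTL and class fields that precede the type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if rest:
            records.append((owner, rest[0].upper(), [r.lower() for r in rest[1:]]))
    return records

def check_zone(text):
    """Return (problem, owner, detail) tuples for CNAME-related mistakes."""
    records = parse_zone(text)
    types = defaultdict(set)
    for owner, rtype, _ in records:
        types[owner].add(rtype)
    problems = []
    for owner, seen in sorted(types.items()):
        # A CNAME owner may hold no other data (DNSSEC RRSIG/NSEC excepted).
        others = seen - {"CNAME", "RRSIG", "NSEC"}
        if "CNAME" in seen and others:
            problems.append(("cname-and-other", owner, sorted(others)))
    for owner, rtype, rdata in records:
        # MX rdata is "<preference> <exchange>"; the exchange must not be an alias.
        if rtype == "MX" and rdata and "CNAME" in types.get(rdata[-1], ()):
            problems.append(("mx-target-is-cname", owner, [rdata[-1]]))
    return problems

if __name__ == "__main__":
    for problem in check_zone(SAMPLE_ZONE):
        print(problem)
```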

mouss

Apr 13, 2010, 6:39:10 PM
Bob Eastbrook wrote:

> I use wildcard MX records for mail, and a wildcard CNAME for web
> traffic. For example:
>
> *.example.com = MX record for mail.example.com
> *.example.com = CNAME myapp.appspot.com
>

so you say that *.example.com is an alias (CNAME record), yet you want
to give it attributes (MX record)? or more precisely, you say that
*.example.com _IS_ myapp.appspot.com _BUT_ at the same time, it is not
because it has a different MX...

anyway, don't use CNAME for any domain that receives email.


> [snip]

Bob Eastbrook

Apr 14, 2010, 5:36:18 PM
Summary: Thanks for all of the responses. I originally thought this
was a Postfix issue, but now I see that I was doing something invalid
in DNS. I'm surprised that my otherwise excellent nameserver provider
allowed me to do this.
