Andrey always asks me to blog about what I do for Milan IN, so this time I will, but to help googlers find answers rather than to satisfy Andrey :)
Two hours ago Andrey mailed me about a problem with sending mail to someone at inwind.it. Our Postfix said "mail for inwind.it loops back to myself" and refused to deliver.
I know this message from misconfigured Postfix installations, but this one was done by me and should work like a Swiss clock (yeah, self-esteem, I know). So the first thing I checked was whether the inwind.it hostmaster had "accidentally" indicated 127.0.0.1 as its MX server. No, he had not.
;; ANSWER SECTION:
inwind.it. 300 IN MX 10 mx5.libero.it.
inwind.it. 300 IN MX 10 mx6.libero.it.
inwind.it. 300 IN MX 10 mx1.libero.it.
inwind.it. 300 IN MX 10 mx2.libero.it.
inwind.it. 300 IN MX 10 mx3.libero.it.
inwind.it. 300 IN MX 10 mx4.libero.it.
The Postfix debug log said clearly that mx4.libero.it resolves to OUR IP address and, according to Postfix logic, if one of the MX hosts resolves to one of our IP addresses the mail "loops back to me". How come?
A bit of tcpdumping showed a strange thing:
mx4.libero.it.milanin.com: type A, class IN, addr 80.247.78.230
So what I learned right away is that Postfix has a "hidden" option, "append_dot_mydomain", which was "on" by default and caused Postfix to look up mx4.libero.it.milanin.com if mx4.libero.it was not found. Our DNS answered with our own IP address because we have defined wildcards (* and @) for milanin.com, so basically anything.milanin.com resolves to our IP address.
After 1.5 hours of debugging everything works as it should. But IMHO there is a logical bug in the way Postfix compiles the MX list: mx4.libero.it.milanin.com and mx4.libero.it. are not the same thing.
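The failure described above, as an added simulation that is not part of the original post and is not Postfix code: a lookup that falls back to appending the local domain, combined with a wildcard record in that domain, makes a foreign MX host resolve to the local IP. The 192.0.2.11 address, the absence of an mx4.libero.it record (modelling the failed lookup) and all function names are constructed for illustration.

```python
# Constructed zone data. The wildcard and the local IP come from the post;
# mx4.libero.it. is deliberately absent to model the failed lookup.
RECORDS = {
    "mx1.libero.it.": "192.0.2.11",        # constructed documentation address
    "milanin.com.": "80.247.78.230",       # the "@" record
    "*.milanin.com.": "80.247.78.230",     # the "*" wildcard
}
OWN_IPS = {"80.247.78.230"}


def lookup_a(fqdn):
    """Exact match first, then wildcards (simplified: no closest-encloser rules)."""
    if fqdn in RECORDS:
        return RECORDS[fqdn]
    labels = fqdn.rstrip(".").split(".")
    for i in range(1, len(labels)):
        hit = RECORDS.get("*." + ".".join(labels[i:]) + ".")
        if hit:
            return hit
    return None


def resolve(name, local_domain=None):
    """Return (name actually answered, address) or None.

    A name with a trailing dot is absolute and is never extended. Otherwise,
    if the name is not found, the local domain is appended and tried again.
    """
    if name.endswith("."):
        ip = lookup_a(name)
        return (name, ip) if ip else None
    ip = lookup_a(name + ".")
    if ip:
        return (name + ".", ip)
    if local_domain:
        extended = name + "." + local_domain + "."
        ip = lookup_a(extended)
        if ip:
            return (extended, ip)
    return None


def looping_mx(mx_hosts, local_domain=None):
    """MX hosts whose resolved address is one of our own ('loops back to myself')."""
    out = []
    for host in mx_hosts:
        answer = resolve(host, local_domain)
        if answer and answer[1] in OWN_IPS:
            out.append(host)
    return out
```

Running `looping_mx` over a domain's MX list with and without the local domain shows whether a wildcard in your own zone can capture other people's hostnames.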
Keywords: dns, mail, mail loop, milanin.com, mta, postfix, web platform, debug