[Dnsmasq-discuss] Wildcard / catch all Mail eXchanger (MX)

Matus UHLAR - fantomas uhlar at fantomas.sk
Sun May 9 14:42:17 UTC 2021


On 08.05.21 22:44, Mark wrote:
>Thanks for the suggestion Petr - have put a DNAT rule in place - does the
>job. :)

at least until one of your clients starts complaining that you are hijacking
their SMTP connections, which may lead to legal issues.

>On Sat, 8 May 2021 at 06:33, Petr Menšík <pemensik at redhat.com> wrote:
>> I don't think there exists a way to do what you requested using dnsmasq.
>>
>> However, it might work to DNAT rule outgoing SMTP connections to your
>> smarthost, moving this decision from DNS to IP firewall/NAT. Could be
>> done only on some gateway of course.
>>
>> But I think your users would not like such redirection, I think blocking
>> outgoing ports and requesting manual configuration from clients might be
>> more acceptable. Just my 2 cents.

>> On 5/7/21 4:05 PM, Mark wrote:
>> > I know there are MX related configuration options which can be used in
>> > dnsmasq.conf (mx-host, mx-target, selfmx and localmx) - however, none of
>> > them appear to be able to deliver the specific functionality I'm looking
>> > for...here's what I'm trying to do...
>> >
>> > I have an internal network that is using dnsmasq for name resolution and
>> > some (not all) hosts are using it for DHCP.
>> >
>> > I would like dnsmasq to deliver a single MX record back to MX queries from
>> > hosts on my internal network no matter what mail domain is being included
>> > in their MX query - i.e. a 'wildcard MX' (which I'll point to my SMTP
>> > smarthost).
>> >
>> > The description of the 'mx-host' option in dnsmasq's man page makes
>> > reference to this type of requirement ("for directing mail from systems on
>> > a LAN to a central server") - however, dnsmasq still appears to need to be
>> > configured to provide responses only for specifically mail domains
>> > ("hostname") MX requests.
>> >
>> > Essentially, I believe I want to specify a wildcard as the "hostname"
>> > (really "mail domain").
>> >
>> > I wondered if it's possible to deliver this functionality with the current
>> > dnsmasq?
>> >
>> > Appreciate any insights you're able to share.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Save the whales. Collect the whole set.
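
The two gateway-side options discussed in this thread, written out as an nftables ruleset. This is an added example, not a configuration posted by anyone on the list; the interface name lan0 and the smarthost address 192.0.2.25 (documentation range) are assumptions, and the smarthost is assumed to be reached through the gateway.

```nftables
#!/usr/sbin/nft -f
# Added example. Load ONE of the two tables, not both.
# Assumed values: LAN-facing interface "lan0", smarthost at 192.0.2.25.

define LAN_IF    = "lan0"
define SMARTHOST = 192.0.2.25

# Option A: the DNAT approach from the thread.
# Every outgoing SMTP connection from the LAN is silently rewritten to the
# smarthost. Clients believe they are talking to the MX they looked up,
# which is the "hijacking" objection raised in the reply above.
table ip smtp_redirect {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        iifname $LAN_IF ip saddr != $SMARTHOST ip daddr != $SMARTHOST \
            tcp dport 25 counter dnat to $SMARTHOST:25
    }
}

# Option B: the alternative suggested in the thread.
# Direct outbound SMTP is refused visibly (TCP reset, logged), so clients
# fail fast and have to be configured to use the smarthost explicitly.
# Connections to the smarthost and from the smarthost are left alone.
table ip smtp_egress {
    chain forward {
        type filter hook forward priority 0; policy accept;
        iifname $LAN_IF ip saddr != $SMARTHOST ip daddr != $SMARTHOST \
            tcp dport 25 counter log prefix "smtp-egress-blocked: " \
            reject with tcp reset
    }
}
```

With option B the counter and the log prefix show which hosts still attempt direct delivery, which is the list of clients that need their mail settings changed.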


