
DontExpandCnames

Prevent CNAME expansion V8.7 and later

Ordinarily, the $[ and $] operators (Section 18.7.6) cause the enclosed hostname to be looked up with DNS[25] and replaced with the canonical address for that host. The canonical address is the A or AAAA DNS record. For example, consider these DNS records:

[25] If name services are enabled by defining NAMED_BIND when sendmail is built.

here.us.edu.    IN     A     123.45.67.89
ftp.us.edu.     IN     CNAME here.us.edu.

But if the address ftp.us.edu is fed to the $[ and $] operators in the RHS of a rule:

R $*      $[ $1 $]

the rewritten result of passing ftp.us.edu as $1 will be the name here.us.edu. This behavior was correct under RFC822 and RFC1123, and with the publication of RFC2821 and RFC2822 this change is now officially correct.

Sometimes it is important for the CNAME to appear in email headers as the canonical name. One example might be that of an FTP service moving from one machine to another during a transition phase. In that instance, outgoing mail should appear to be from ftp.us.edu because the records will change after the move, and the ability to reply to such mail must be maintained:

here.us.edu.    IN     A     123.45.67.89   ; retired and gone
ftp.us.edu.     IN     CNAME there.us.edu.
there.us.edu.   IN     A     123.45.67.90

Another possibility might be that of a mobile host (a workstation that plugs into different networks and thus has different A records over time):

mobile.us.edu.    IN     CNAME monday.dc.gov.
monday.dc.gov.    IN     A     12.34.56.78
tuesday.foo.com.  IN     A     23.45.67.89

Whenever this workstation is plugged in, its CNAME record is changed to point to the A record of the day: monday.dc.gov on Monday and tuesday.foo.com on Tuesday. But regardless of what its A record happens to be, outgoing mail should look as though it came from mobile.us.edu.

The DontExpandCnames option causes sendmail to accept CNAME records as canonical. It is declared like this:

O DontExpandCnames=bool                  configuration file (V8.7 and later) 
-ODontExpandCnames=bool                  command line (V8.7 and later) 
define(`confDONT_EXPAND_CNAMES',`bool')  mc configuration (V8.7 and later) 

The argument bool is of type Boolean. If bool is missing, the default is true (use the CNAME). If the entire DontExpandCnames option is missing, the default is false (expand each CNAME to the real hostname it points to). We recommend that you always declare this option as true. But note that other systems down the line might still expand the CNAME even if you do set this option to true.
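The following Python model is an added example, not code from sendmail or from this book. It applies the declaration defaults described above and shows how the option changes the result of $[ and $] for the DNS records used on this page. The function names, the zone table, the Boolean first-letter rule, and the leave-unchanged-on-failure behavior are assumptions of the example.

```python
# Constructed zone data, copied from the records shown on this page.
ZONE = {
    "here.us.edu":     ("A", "123.45.67.89"),
    "ftp.us.edu":      ("CNAME", "here.us.edu"),
    "mobile.us.edu":   ("CNAME", "monday.dc.gov"),
    "monday.dc.gov":   ("A", "12.34.56.78"),
    "tuesday.foo.com": ("A", "23.45.67.89"),
}

def option_value(cf_text):
    """Effective DontExpandCnames setting for configuration-file text."""
    value = False                      # option absent: CNAMEs are expanded
    for line in cf_text.splitlines():
        if not line.startswith("O"):
            continue
        name, _, arg = line[1:].strip().partition("=")
        if name.strip() == "DontExpandCnames":
            arg = arg.strip()
            # Declared without an argument means true. Assumption: a
            # Boolean argument is true when it starts with T, t, Y or y.
            value = arg == "" or arg[0] in "TtYy"
    return value                       # the last declaration wins

def canonify(host, dont_expand_cnames, zone=ZONE, max_hops=8):
    """Model of $[ host $]: return the name treated as canonical."""
    name = host.rstrip(".").lower()
    for _ in range(max_hops):          # bound the walk so CNAME loops end
        rtype, target = zone.get(name, (None, None))
        if rtype == "A":
            return name                # owner of the A record
        if rtype == "CNAME":
            if dont_expand_cnames:
                return name            # accept the CNAME as canonical
            name = target              # otherwise follow it
            continue
        break
    return host                        # assumption: failed lookup leaves name as is

if __name__ == "__main__":
    for cf in ("", "O DontExpandCnames", "O DontExpandCnames=false"):
        flag = option_value(cf)
        print(repr(cf), flag, canonify("ftp.us.edu", flag),
              canonify("mobile.us.edu", flag))
```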

The DontExpandCnames option is not safe. If specified from the command line, it can cause sendmail to relinquish its special privileges.
