16.5 Qualify All Addresses?

An unqualified address is one that contains only the user part, such as hans . A qualified address is one that also has a host part, such as hans@here . A fully qualified address has a user part and a fully qualified host part, such as hans@here.us.edu . In general, no address should ever go out in a mail header or envelope that is not fully qualified. [2]

[2] The only exception may be when all mail is forwarded to a hub machine. The assumption is that the hub will fully qualify any addresses that lacks a host part.

To illustrate the types of problems that can arise in using addresses that are not fully qualified, consider a header in which the local host is here.us.edu :

To: hans@here.us.edu
Cc: jane, george@fbi.us.gov
From: you@here.us.edu

Using our original client.cf file, this header would go out unchanged because jane is not a sender address. The assumption is that the hub will view this as a local user and deliver it properly.

Now consider a hub that has two MX records (a rather small number). One points to itself so that it always gets mail first because it is, after all, the hub. The other points to a host at another campus. If the hub is down but its clients are up, mail will be delivered to the other campus, on the assumption that it will hold the mail until the hub returns to service. The problem is that the address jane is unqualified when it gets to the other campus. That other site will either bounce the mail because a user jane is unknown or deliver it to another user with the same name who is really a different person.

Before allowing unqualified addresses to go out from a client, be sure that there are no offsite MX records and that there are no plans for any.

This is one of the reasons we said that our original client.cf file was for learning purposes only. This is also one of the reasons why the m4 (1) technique produces more complex files and why we recommend using null.mc .