I have read the PostX system will attempt delivery to a MX record first and then if unsuccessful it will send to the A record. I need to configure the Ironport to only deliver mail to domains with vaid MX records.
The reason being if a bounce is generated by another MTA sending through the IronPort the return address for this has no valid MX records but the IronPort queues this as an Active Recipient ultimately landing up with AR queues of around 7000 mails that will inevitably never get delivered.
domain.com will have valid MX records but not mail.domain as this will just be an A record
I don't have a precise solution for you, but I can offer these observations. For your IEA machine, Postfix MTA is probably the MTA that is doing the mail delivery. I can believe it is following RFC standard but falling back on the A record. I was able to get the same results that you got.
"If no MX records are found, but an A RR is found, the A RR is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host."
I tried to look up how you can force Postfix to not fall back on the A record entry, but was unsuccessful on getting it to work. I think if you're going to get it to not use the A record and instead just get deferred if no MX record exist, it would be in the realm of Postfix, as this is probably the MTA doing the delivery.
I tried to use this setting called "ignore_mx_lookup_error=no", restarted Postfix, but it still used the A record. Hope that helps.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...