[oclug] SendMail as a restricted mail relay
Messier, Jean-Francois
jmessier at justice.gc.ca
Thu Nov 4 08:37:49 EST 2004
I agree. However, I think Exchange also has a part of
responsibility in that.
JF
-----Original Message-----
From: oclug-bounces at lists.oclug.on.ca
[mailto:oclug-bounces at lists.oclug.on.ca] On Behalf Of Justin Wheeler
Sent: Tuesday, November 02, 2004 15:46 PM
To: General Membership Discussion List
Subject: Re: [oclug] SendMail as a restricted mail relay
While I don't know sendmail all that well, so I'll refrain from comment
or
trying to assist with that, I'm curious as to this "lowest mx not
responding helps block spam" thing.
>From what I'm aware of, most spam comes from open relays, easy-to-guess
smtp auth sessions, and infected computers -- all of which hitting a
valid
MTA at SOME point in time, right?
Once the message hits a valid MTA, that MTA will (presumably) be
programmed to properly handle MX records and using them in sequential
order like the RFC says, thus negating the whole point in the first
place,
no?
Perhaps I'm just speculating, but it seems to me that setting your
lowest
MX to an unresponsive host would do more harm than good.
Regards,
Justin Wheeler
--
Suicidal egomaniac - I'm too sexy for this life....
On Tue, 2 Nov 2004, Messier, Jean-Francois wrote:
>
> We are having some issues with some domains where they have
several
> MX records with different costs, but where the lowest one exists, but
> is not responding. To Exchange, this seems to make it retrying the
> same MX record, insterad of getting the next one. I understand that
> having the lowest cost MX record not resonding is a cheap way of
> avoiding spam. However, this is causing some problem. From some
> documentation found on the net, one of the solutions is to use a
> middleman SMTP server strictly for outbound. I am considering this
> option, but I want to make sure that whatever rule I put in SendMail
> config and iptable will ensure the following:
>
> Mail can come in only from one single IP address. Mail is then
> relayed to the proper mail server. If the first MX record is not
> responding, then the second one is used.
>
> Anyone has some config files he/she can throw at me for this
kind of
> setup ?
>
> Thanks :-)
>
> JF
> --
> OCLUG general discussion list
> OCLUG at lists.oclug.on.ca http://www.oclug.on.ca/mailman/listinfo/oclug
>
>
--
OCLUG general discussion list
OCLUG at lists.oclug.on.ca
http://www.oclug.on.ca/mailman/listinfo/oclug
More information about the OCLUG
mailing list