-----Original Message-----
From: Sanford Whiteman
Sent: Thursday, November 22, 2012 11:55 AM
To: imailad...@bcwebhost.net
Subject: Re: [Declude.JunkMail] MX, DNS and other weird stuff

[I'm not subscribed using this address, but it's the only one on my mobile.
Pls feel free to forward to the list.]

This guy's idea that <host> IN MX <host> is incorrect and "will cause
issues" should really get him fired if he's the highest-level tech on this.
When you want to set up a proper MX record to catch replies to
postmas...@mysmtpserver.example.com, you of course do this by setting up
such a record.  Otherwise the implication would be that you can never
receive mail at the same machine that originated it, but have to come up
with some fake additional hostname?  Ridiculous.  Servers have been set up
this way since the old days, when it was common to see addresses like
u...@host.example.com (as opposed to just @example.com).

Likewise, the idea that an intermediate host that is exempt from
anti-spoofing measures can't reroute DNS requests is ridic.  This is how our
egress filters work: a machine listens using a network monitoring port and
sends synthesized replies back if a website is in the block list.  (The
machine isn't a proxy, it's just listening to the switch's mirroring port in
promiscuous mode).

However, it is true that you have some complexity in your NSs that you need
to work out.  If you hadn't asked about interception it wouldn't have been
my first guess.  When you directly query each NS, what do you get?

-- S.

This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to