On Tue 17/Jun/2025 14:20:52 +0200 sebastian wrote:
>>Presumably, a mail server should not consult a DNS hacked for browsers?
Presumably, a firewall located between LAN and WAN has no way to
know if the UDP packet is for an SPF client or a browser. It sees a DNS
response packet coming from a server on the WAN side that is not in
the firewall's list of servers permitted to bypass DNS Rebinding
protection, finds a private IP in the response, and throws the UDP
packet in the dustbin.
On 17.06.25 18:55, Alessandro Vesely via mailop wrote:
You can run a DNS server for use by the mail server only.
You can and should run such a server.
...with QNAME minimization turned off.
And exempt that server from DNS "fixups" by the mentioned firewall.
That would fix more than just SPF.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
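
The filtering decision described in this thread, as an added example that is not part of the original messages and not any firewall vendor's code: it parses a DNS response, looks for RFC 1918 or loopback addresses in A records, and drops the packet unless the answering server is on an exemption list. The server addresses, the host name and the function names are constructed for illustration, and only A records are inspected.

```python
import ipaddress
import struct

# Assumption: resolvers the firewall exempts from rebinding protection.
EXEMPT_SERVERS = {"192.0.2.53"}
# Simplification: RFC 1918 ranges plus loopback only.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = pkt[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + n

def private_answers(pkt):
    """List private addresses found in the A records of the answer section."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    hits = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        rdata = pkt[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:  # A record
            addr = ipaddress.ip_address(rdata)
            if any(addr in net for net in PRIVATE_NETS):
                hits.append(str(addr))
    return hits

def filter_decision(src_ip, pkt):
    """'pass' or 'drop'; the filter cannot tell which client asked."""
    if src_ip in EXEMPT_SERVERS:
        return "pass"
    return "drop" if private_answers(pkt) else "pass"

def build_a_response(name, addr):
    """Constructed sample packet: one question, one A answer."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    return header + qname + struct.pack("!HH", 1, 1) + answer + ipaddress.ip_address(addr).packed
```
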