On May 14, 2006, at 5:53 AM, netguy wrote:
> John Rudd wrote:
> [snip]
>> Why not have:
>> - domain.tld have an A record (IP addr A)
>> - web server listens to IP addr A on a virtual network interface. (in
>> addition to listening to its regular IP addr on whatever other
>> network interface it already has)
>> - the only ports listening on IP addr A are the web services (nothing
>> on port 25, nothing on sshd, nothing on 110, etc.). It can listen to
>> whatever it wants to on its other IP addr, but on IP addr A it _ONLY_
>> listens to web services.
>> - the web services running on IP addr A only offer HTTP level
>> redirects to the normal web server IP addr (i.e. not html tags that
>> redirect, but actual low level http protocol redirects)
> I am a small provider ( tiny ) and have multiple hosted domains behind
> a firewall with smtp, pop3, imap and www all pointing to a server
> behind the firewall. I can't separate out the ports. Having another
> machine just for www doesn't make any sense to me as my current
> machine does not use much CPU power as it is and it would just add to
> the overhead.
As someone else pointed out, my suggestion doesn't require multiple
machines, it requires 1 machine with multiple public IP addresses.
This does depend on what type of firewall you're using (a real
firewall, or a NAT box) and how/whether it deals with multiple public
IP addresses ... and how many public IP addresses you have/can-get from
your upstream provider.
> Note that since you are advocating an A record for domain.tld, this
> does nothing for the network bandwidth that the spammers would
> consume. Sure it is not much now, but... who knows?
The only bandwidth they'll consume are the attempted TCP connects which
will be refused (because no port is listening at that IP address).
Tiny compared to them trying to submit actual messages.
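One way to build the redirect-only listener described in this thread, as an added example that is not code from any of the posters: a minimal HTTP server bound only to the secondary address that answers every request with a protocol-level 301 (a Location header, not an HTML meta refresh). The address 192.0.2.10 and the hostname www.example.com are placeholders; the real web server and the other services keep listening on the machine's regular address.

```python
from http import HTTPStatus
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import quote

# Placeholder values: "IP addr A" from the thread (RFC 5737 documentation
# range) and the hostname of the normal web server to redirect to.
LISTEN_ADDR = "192.0.2.10"
TARGET_HOST = "www.example.com"


def redirect_location(path, target_host=TARGET_HOST, scheme="http"):
    """Build the Location header for a low-level HTTP redirect.

    Only the path and query of the original request are carried over; the
    host part is always the real web server's name, so a client-supplied
    Host header is never reflected into the redirect.  quote() re-encodes
    anything unsafe (spaces, CR/LF) so the value cannot split headers.
    """
    if not path.startswith("/"):
        path = "/" + path
    safe_path = quote(path, safe="/?=&%+~:@!$'()*,;")
    return f"{scheme}://{target_host}{safe_path}"


class RedirectHandler(BaseHTTPRequestHandler):
    """Answers every method with 301 and an empty body."""

    server_version = "redirector/0.1"

    def _redirect(self):
        self.send_response(HTTPStatus.MOVED_PERMANENTLY)
        self.send_header("Location", redirect_location(self.path))
        self.send_header("Content-Length", "0")
        self.send_header("Connection", "close")
        self.end_headers()

    do_GET = do_HEAD = do_POST = _redirect


if __name__ == "__main__":
    # Bind only to IP addr A on port 80.  Nothing else should listen on
    # this address, so SMTP/POP/SSH connection attempts get a plain TCP
    # refusal and consume no more than the failed handshake.
    HTTPServer((LISTEN_ADDR, 80), RedirectHandler).serve_forever()
```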
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang