The mail filters run bind 9.{2,3} as caching servers. I see just putting
the addrs in as cnames under a subdomain. I don't have any intent on doing
per-user logic or I'd use A records, but I envision this as:

valid                         IN A     127.0.0.1
paddr.mail.ex-dom.com.        IN CNAME valid   ; [EMAIL PROTECTED]
person.addr.mail.ex-dom.com.  IN CNAME valid   ; [EMAIL PROTECTED]

And so forth. Anything not mapping would be graciously received and
discarded or hard failed. The choice of the keyword 'valid' is important in
that I would test to see that I had DNS available for that before doing a
hard failure -- otherwise accept the email as usual and forward as I do now.
The selection of the subdomain 'mail' is purely arbitrary.
peter
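
Added example, not part of the original message or of qpsmtpd: a sketch of the accept/reject decision described above, including the check that the 'valid' record itself resolves before any hard failure. The label-for-label mapping of the local part, the placement of 'valid' under the 'mail' subdomain, and the `lookup` resolver hook are assumptions; the zone data is constructed.

```python
# Added example: recipient check against the 'valid' CNAME scheme.
# Assumptions (not from the thread): local part maps label-for-label onto
# <local>.mail.<domain>; 'valid' lives at valid.mail.<domain>;
# `lookup` is a hypothetical resolver hook supplied by the caller.
import re

VALID_ADDR = "127.0.0.1"   # A record behind the 'valid' keyword
SUBDOMAIN = "mail"         # arbitrary, as the message says
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

ACCEPT, REJECT, ACCEPT_UNCHECKED = "accept", "reject", "accept-unchecked"

def rcpt_to_name(rcpt):
    """Map local@domain to local.mail.domain, or None if not encodable."""
    local, sep, domain = rcpt.lower().rpartition("@")
    if not sep or not all(LABEL.match(part) for part in local.split(".")):
        return None
    return f"{local}.{SUBDOMAIN}.{domain}"

def check_rcpt(rcpt, lookup):
    """lookup(name) returns the A addresses after CNAME chasing ([] if none)
    and raises OSError when the resolver cannot answer (timeout, SERVFAIL)."""
    name = rcpt_to_name(rcpt)
    if name is None:
        return ACCEPT_UNCHECKED      # not expressible as a DNS name: fail open
    domain = rcpt.lower().rpartition("@")[2]
    try:
        # Canary first: a negative answer is only trusted if 'valid' resolves.
        if VALID_ADDR not in lookup(f"valid.{SUBDOMAIN}.{domain}"):
            return ACCEPT_UNCHECKED
        return ACCEPT if VALID_ADDR in lookup(name) else REJECT
    except OSError:
        return ACCEPT_UNCHECKED      # DNS trouble: accept and forward as usual

# Constructed zone data standing in for the caching resolver.
ZONE = {
    "valid.mail.ex-dom.com": ["127.0.0.1"],
    "paddr.mail.ex-dom.com": ["127.0.0.1"],
    "person.addr.mail.ex-dom.com": ["127.0.0.1"],
}

def zone_lookup(name):
    return ZONE.get(name, [])

def broken_lookup(name):
    raise OSError("resolver timeout")
```
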
On 11/17/04 4:08 PM, "David Nicol" <[EMAIL PROTECTED]> wrote:
> now the only problem will be writing your design into an RFC and all that.
>
> Instead of SPF, you could call it RWB for Recipient Won't Bounce, and stuff it
> in text records
>
> my preference is for defining A records for all of your incoming addresses,
> and the added bonus is you can use SPF macros to reuse your format in
> your SPF records and avoid spoofage from nonexistent addys in your domains.
>
> Which DNS server do you use and does it hit a DB (pdns) or do you rewrite
> its files and have it reformat its internal DB when there are changes
> (tinydns)?
>
>
> On Wed, 17 Nov 2004 15:17:54 -0600, Peter Eisch <[EMAIL PROTECTED]> wrote:
>>
>> Hey! Thank you!
>>
>> I've wanted to do such a thing, but never put the 2 + 2 together (I'm
>> already using DNS for my qpsmtpd config management for the plethora of
>> domains I filter email). It had never occurred to me to use DNS for valid
>> addresses and aliases before...
>>
>> peter
>>
>>
>>
>>
>> On 11/17/04 2:39 PM, "David Nicol" <[EMAIL PROTECTED]> wrote:
>>
>>> On Wed, 17 Nov 2004 04:23:57 -0500, John Peacock <[EMAIL PROTECTED]> wrote:
>>>
>>>
>>>> 2) use some out of band method to query the remote server for valid
>>>> mailboxes; I wrote a small finger server which queries my central
>>>> vpopmail MySQL database to validate the mailboxes; this is a much
>>>> lighter weight check (and you have to remember to check aliases and
>>>> list addresses, too).
>>>
>>>
>>> <mode aspect="visionary" mood="frustrated">
>>>
>>> DNS would work better for this since it has well-defined caching, unlike
>>> VRFY, but adding a local cache would also work well, and nobody wants to
>>> muck with custom DNS servers that much
>>>
>>> </mode>
>>>
>>>
>>
>>
>