From owner-freebsd-isp Fri Jul 23 7:19:36 1999 Delivered-To: freebsd-isp@freebsd.org Received: from aurora.sol.net (aurora.sol.net [206.55.65.76]) by hub.freebsd.org (Postfix) with ESMTP id 1C7C31558B for ; Fri, 23 Jul 1999 07:19:31 -0700 (PDT) (envelope-from jgreco@aurora.sol.net) Received: (from jgreco@localhost) by aurora.sol.net (8.9.2/8.9.2/SNNS-1.02) id JAA85695; Fri, 23 Jul 1999 09:18:41 -0500 (CDT) From: Joe Greco Message-Id: <199907231418.JAA85695@aurora.sol.net> Subject: Re: A and MX to different ip's for same name In-Reply-To: <19990722233540.2920720F59_infowest.com@ns.sol.net> from "Aaron D. Gifford" at "Jul 22, 1999 11:37:41 pm" To: agifford@infowest.com (Aaron D. Gifford) Date: Fri, 23 Jul 1999 09:18:40 -0500 (CDT) Cc: freebsd-isp@freebsd.org X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > "Leif Neland" said: > >Do all mailers look for MX before A records? > > Yes, mail delivery will be attempted to the hosts listed in MX > records if they are present. Nice theory but it doesn't work that way in the real world. You need to qualify that with a "usually". :-/ There is still a large installed base of legacy Internet garbageware that had a hard enough time implementing DNS service at all, and I'm aware of several that do not do MX fallback or MX lookup at all. Much of it seems to be PC or VMS stuff. "Figures." It is hard explaining to people why their mail system is so horridly broken when they are able to mail a large percentage of the world without a problem. The ones I love are the ones that do even worse things like try _just_ the lowest pref MX host. I typically firewall off a client's SMTP port to the general world but leave it in the MX list. This forces mail to go to a secondary MX host first (ISP's MX server) which can then talk directly to the client via a firewall exception. This requires no hand- coding of things into mailertable or any other gyrations at the ISP, and provides a nice level of indirection that keeps the client's mail port from being abused or attacked. I occasionally run into some dumbass mail package that doesn't walk the MX list properly (or at all), but I see it so rarely that I don't remember just which one it is. My vote: Just do the MX thing and turn off mail on the Web server. The people who insist on running non-MX-compliant mailers deserve to lose. ... JG To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message