From: Len Conrad
Date: Mon, 30 Jul 2001 11:34:00 +0200
To: freebsd-isp@freebsd.org
Subject: Re: FreeBSD Mail Toaster CLUSTER

>Or, using round robin dns ...

if it's good enough MX load distribution for these people...

; <<>> DiG 8.3 <<>> aol.com mx
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 15
;; QUERY SECTION:
;;      aol.com, type = MX, class = IN

;; ANSWER SECTION:
aol.com.                1H IN MX        15 mailin-03.mx.aol.com.
aol.com.                1H IN MX        15 mailin-04.mx.aol.com.
aol.com.                1H IN MX        15 mailin-01.mx.aol.com.
aol.com.                1H IN MX        15 mailin-02.mx.aol.com.

>But what do you do if your nfs/raid server fails? or the local network
>between raid/nfs server and mx1 and mx2?

or if the mailbox servers, connected directly to internet, get DoS'ed with mailbombs, harvesting, relay attacks, spoofed From: headers, etc, etc?

The priorities are screwy when the mailbox server failover is addressed while leaving the mailbox servers exposed as MX hosts.

The mailbox servers should be behind a separate, out-front rank of MX hosts as defensive relay hubs (and as outbound gateways).

Len

http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
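
Added example, not part of the original message: a small Python audit that parses dig-style MX answer lines like those quoted above, reports which hosts share a preference (the round-robin load distribution), and flags any MX target that is also a mailbox server. The `example.net` records and the `MAILBOX_HOSTS` set are constructed assumptions; an operator would supply their own.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the dig answer section above
# (documentation-reserved names, not real hosts).
SAMPLE_ANSWER = """\
;; ANSWER SECTION:
example.net.  1H IN MX  10 mx1.example.net.
example.net.  1H IN MX  10 mx2.example.net.
example.net.  1H IN MX  20 pop1.example.net.
"""

# Assumption: hostnames of the mailbox (storage) servers, supplied by the operator.
MAILBOX_HOSTS = {"pop1.example.net", "pop2.example.net"}

# owner [ttl] [IN] MX preference target
MX_RE = re.compile(r"^(\S+)\s+(?:\S+\s+)?(?:IN\s+)?MX\s+(\d+)\s+(\S+)$", re.I)


def norm(host):
    """Lower-case a hostname and drop the trailing root dot."""
    return host.rstrip(".").lower()


def parse_mx(answer_text):
    """Return [(owner, preference, target)] from dig-style MX lines."""
    records = []
    for line in answer_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and dig comment/section lines
        m = MX_RE.match(line)
        if m:
            owner, pref, target = m.groups()
            records.append((norm(owner), int(pref), norm(target)))
    return records


def audit(records, mailbox_hosts):
    """Group MX targets by preference and flag exposed mailbox servers."""
    by_pref = defaultdict(list)
    for _, pref, target in records:
        by_pref[pref].append(target)
    shared = {p: sorted(t) for p, t in by_pref.items() if len(t) > 1}
    exposed = sorted({t for _, _, t in records} & {norm(h) for h in mailbox_hosts})
    return {"load_shared": shared, "exposed_mailbox_hosts": exposed}


if __name__ == "__main__":
    print(audit(parse_mx(SAMPLE_ANSWER), MAILBOX_HOSTS))
```

An empty `exposed_mailbox_hosts` list is the layout the message argues for: only the relay hubs appear in MX records.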