Ignoring unqualified MX's ?

torben fjerdingstad unitfj-bind at tfj.rnd.uni-c.dk
Wed Mar 22 09:08:45 UTC 2000


On Tue, Mar 21, 2000 at 09:28:08AM -0700, M.Ashcraft at epixtech.com wrote:
> Barry Margolin wrote:
> >In article <20000321133850.B16823 at tfj.rnd.uni-c.dk>,
> >torben fjerdingstad  <unitfj-bind at tfj.rnd.uni-c.dk> wrote:
> >>One of our customers has had a lot of mail loops because
> >>a spammer has this in his return-path:
> >>Return-path: info at internet.net
> >>
> >>The problem with that is:
> >>
> >>$ host -t mx internet.net
> >>internet.net            MX      5 localhost
> >>
> >>Is it possible to make bind discard that information without
> >>creating a local master zone file for the bogus zone?
> 
> >I know of no way to make BIND ignore it.  Maybe there's some way to make
> >your mailer ignore it, though.
> 
> Sendmail 8.9 /etc/mail/access add the line
> 
> internet.net   DISCARD

I use qmail, the mentioned customer is using PMDF (as far I remember).

Both places we use bind. I would like a bind solution, which
simply discards the bogus MX information.

If it is not possible to make bind junk unqualified MX'es,
I would be happy with a patch (or an explation of why bind
must announce unqualified MX'es).

I think I have pointed out a security problem in bind.
Am I wrong.

-- 
Med venlig hilsen / Regards 
Netdriftgruppen / Network Management Group
UNI-C          

Tlf./Phone   +45 35 87 89 41        Mail:  UNI-C                                
Fax.         +45 35 87 89 90               Bygning 304
E-mail: torben.fjerdingstad at uni-c.dk       DK-2800 Lyngby




More information about the bind-users mailing list