Ignoring unqualified MX's ?
Ralf Hildebrandt
R.Hildebrandt at tu-bs.de
Wed Mar 22 12:43:27 UTC 2000
On Wed, Mar 22, 2000 at 10:08:45AM +0100, torben fjerdingstad wrote:
> Both places we use bind. I would like a bind solution, which
> simply discards the bogus MX information.
>
> If it is not possible to make bind junk unqualified MX'es,
> I would be happy with a patch (or an explanation of why bind
> must announce unqualified MX'es).
>
> I think I have pointed out a security problem in bind.
> Am I wrong?
Normally you wouldn't accept or relay mail for a domain you are MX for --
just because it's in the DNS -- unless you specify
FEATURE(relay_based_on_MX) (for sendmail).
Nevertheless this can lead to a DOS, since bounces are sent locally, and
since these cannot be delivered, you end up with double-bounces piling up in
the mailbox.
The solution would be to disallow "localhost" for MX records.
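
A check in the spirit of the suggestion above, as an added example that is not part of the original post and is not code from BIND or sendmail: it filters a list of MX answers and drops targets that are `localhost`, single-label names, or bare IP literals before a mailer would act on them. Treating "unqualified" as "contains no dot" is an assumption, and the function names and sample records are constructed for illustration.

```python
import ipaddress

# Constructed sample: (preference, exchange) pairs as an MX lookup might return them.
SAMPLE_MX = [
    (20, "mail2.example.org."),
    (5, "localhost."),
    (10, "mail1.example.org."),
    (15, "mailhost"),
    (30, "127.0.0.1"),
]

def classify_mx(exchange):
    """Return a rejection reason for an MX target, or None if it looks usable."""
    name = exchange.strip().rstrip(".").lower()
    if not name:
        return "empty"
    try:
        # An MX target must be a host name, never an address.
        ipaddress.ip_address(name)
        return "ip-literal"
    except ValueError:
        pass
    # "localhost" makes the receiving mailer deliver to itself.
    if name == "localhost" or name.endswith(".localhost"):
        return "localhost"
    # Assumption: a single-label name counts as unqualified, because the
    # resolver that receives it would complete it with its own search domain.
    if "." not in name:
        return "unqualified"
    return None

def filter_mx(records):
    """Split MX records into usable ones (sorted by preference) and rejects."""
    accepted, rejected = [], []
    for pref, exchange in records:
        reason = classify_mx(exchange)
        if reason is None:
            accepted.append((pref, exchange))
        else:
            rejected.append((pref, exchange, reason))
    return sorted(accepted), rejected

if __name__ == "__main__":
    usable, dropped = filter_mx(SAMPLE_MX)
    print("usable:", usable)
    for pref, exchange, reason in dropped:
        print(f"dropped MX {pref} {exchange!r}: {reason}")
```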