Why forwarding is a Bad Thing
kcd at daimlerchrysler.com
Fri Mar 23 19:18:20 UTC 2001
Jim Reid wrote:
> >>>>> "Brad" == Brad Knowles <brad.knowles at skynet.be> writes:
> >> For example in most mail systems, it is trivial to configure
> >> them to send all non-local mail (for some definition of local)
> >> to a smart mail relay.
> Brad> True enough, but then you're hard-coding by name what
> Brad> your outbound mail relay(s) is/are.
> This is no big deal. Just change the A or MX record and the migration
> from old relay to new relay is done for everyone.
> Brad> However, one thing I still don't understand is how
> Brad> doing that sort of thing is significantly different from
> Brad> hard-coding your outbound mail relay(s), and yet one is
> Brad> "evil" and the other is not.
> Well with mail forwarding/relaying, it's done on name, not IP address.
> This is a big win. The configurations don't have to change if the
> mailhub moves. Make one DNS change and it's done.
> And there are usually other criteria -- value-added functions like
> billing, virus scanning, content control, anti-spam checks, etc --
> which make centralised mail relays attractive or mandatory. I have
> also seen central mail relays helping to route mail more efficiently
> into enterprise-wide mail solutions like Notes or Exchange.
Of course, it's perfectly reasonable to use wildcard MX'es
*and* centralize mail relaying. My wildcards point, by and large, to a
central set of mail relays, for instance, which then talk to firewalls
for outbound mail, or to internal gateways to deliver mail to Lotus
Notes. The two methodologies, centralizing mail relaying and using
wildcard MX'es, are not mutually exclusive. The beauty of this scheme is
that all of our Unix boxes can have exactly the *same*, generic mail
configurations (one per platform, of course). I could change the names of
our central mail relays tomorrow -- meaning, obviously, that I'd also
have to update all of the wildcards -- and none of those Unix boxes would
miss a beat, since they just use DNS *and*nothing*else* for mail routing.
Could you say the same for a "smarthost"-type configuration? Seems to me
that if you changed the name of the smarthost, you'd have a whole bunch
of dependent mail servers to reconfigure...
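The scheme described in this message, as an added example that is not part of the original post: a minimal lookup over a constructed zone, showing that a wildcard MX answers for any name that does not exist in the zone and that renaming the relays changes only zone data. The zone name, host names and addresses are assumptions; the lookup follows the RFC 1034 / RFC 4592 wildcard rules, under which a name that owns any record is not covered by the wildcard.

```python
# Added example: wildcard MX lookup over a constructed zone (RFC 1034 4.3.3 / RFC 4592).
ORIGIN = "corp.example"  # assumed zone name, not from the original post

def make_zone(relays):
    """Constructed zone: apex and wildcard MX point at the central relays."""
    mx = [(10 * (i + 1), r) for i, r in enumerate(relays)]
    zone = {
        ORIGIN: {"MX": list(mx)},
        "*." + ORIGIN: {"MX": list(mx)},
        # A host with its own A record: it exists, so the wildcard does not cover it.
        "unix1." + ORIGIN: {"A": ["192.0.2.10"]},
    }
    for i, r in enumerate(relays):
        zone[r] = {"A": ["192.0.2.%d" % (25 + i)]}
    return zone

def name_exists(zone, name):
    """A name exists if it owns records or is an ancestor of a record owner."""
    return any(o == name or o.endswith("." + name) for o in zone)

def lookup_mx(zone, qname):
    """Return the MX set an authoritative server would answer for qname ([] if none)."""
    qname = qname.lower().rstrip(".")
    if qname != ORIGIN and not qname.endswith("." + ORIGIN):
        return []                                   # out of zone
    if name_exists(zone, qname):
        # Exact name exists: no wildcard synthesis, even if it has no MX of its own.
        return zone.get(qname, {}).get("MX", [])
    labels = qname.split(".")
    for i in range(1, len(labels)):                 # walk up to the closest encloser
        ancestor = ".".join(labels[i:])
        if name_exists(zone, ancestor):
            return zone.get("*." + ancestor, {}).get("MX", [])
    return []

if __name__ == "__main__":
    old = make_zone(["relay1." + ORIGIN, "relay2." + ORIGIN])
    new = make_zone(["mailhub-a." + ORIGIN])        # relays renamed: zone data only
    for q in ("notes." + ORIGIN, "a.b." + ORIGIN, "unix1." + ORIGIN):
        print(q, lookup_mx(old, q), "->", lookup_mx(new, q))
```

A mailer that gets no MX for `unix1` falls back to that host's A record, so hosts with address records need their own MX if mail addressed to them should also reach the relays.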