spam filter and MX records

Mark Andrews Mark_Andrews at isc.org
Wed Feb 1 03:27:04 UTC 2006 

> 
> On 31 Jan 2006, at 15:20 PST, barber.greg at gmail.com wrote:
> 
> > Well it's kind of a strange setup the mailer and the webmail interface
> > all reside on machine. Prior to the filter being put in place no MX
> > existed for this machine it was only an A record set to the email
> > domain so instead of being mail.xyz.123.edu or mx.xyz.123.edu it's A
> > record was just xyz.123.edu. I thought in a situtation like this the
> > change would be warranted in case the filters went offline foreign
> > mailers would sense that xyz.123.edu was down and requeue the message
> > instead of delivering straight to xyz.123.edu via the A record.
> 
> I presume from your comments that xyz.123.edu is a subdomain of the  
> parent 123.edu domain and that an A record had been defined to allow  
> mail to be sent to "user.mailbox at xyz.123.edu".  Further the A record  
> that is associated with the domain name contains the IP address of  
> the mail server.
> 
> For robustness, the strategy employed by sendmail and Exchange's IMS  
> is to query DNS for any record associated with xyz.123.edu.  The DNS  
> response will contain A, MX, NS, and any other associated record.
> 
> If an MX record exists, sendmail and IMS will prefer to use this to  
> deliver mail and will select the MX record with the lowest preference  
> value.  If the system with the lowest preference value is not  
> reachable, they will attempt to deliver mail using an MX record with  
> a higher preference value.  If all of the systems identified in MX  
> records are unreachable and there is an A record for the resource,  
> they will attempt to deliver the mail using the A record.

	Any MTA that falls back to A / AAAA records when MX records
	are present is BROKEN.

	A MTA is only supposed to fallback to a A / AAAA record when
	there are *no* MX records.
 
> If you want all your mail relayed through a defined mail exchange  
> system and never directly, you need to specify on one of your MX  
> records a preference value of 0.  This informs sendmail and IMS that  
> you will only accept mail relayed through this system.

	0 is not a special value.
 
> Most of the mail systems that don't understand MX records have been  
> retired.  There are a few still out there.  To address this type of  
> system, I would set the subdomain's A record to the address of your  
> preferred or only mail exchange system:  in your case, the mail  
> filter system.
> 
> As you can see, a part of the problem is understanding how systems  
> make use of the information in DNS.
> 
> 
> Merton Campbell Crockett
> m.c.crockett at adelphia.net
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list