basic MX question

Tony Finch dot at dotat.at
Thu Oct 28 11:25:56 UTC 2010


On Thu, 28 Oct 2010, fddi wrote:
>
> I am going to start in production environment a bunch of 3 mail servers for my
> domain, let's say mydomain.com
>
> I need to install an X509 certificate on each server in a way that upon
> x509 authentication thunderbird or whatever MUA won't complain about
> hostname different from certificate subject name of the mail server, and
> I also need round robin feature to have SMTP traffic load balanced
> between different SMTP servers.

MX records are not used by MUAs.

What you want to do is set up a name used by MUAs for message submission,
e.g. smtp.mydomain.com. This will have multiple A (and perhaps AAAA)
records, one for each of your message submission servers. These servers
should listen on port 587 and perhaps port 25 (and maybe smtps on 465 for
compatibility with old Microsoft MUAs that cannot talk on port 587
correctly). They should only accept mail that uses TLS and AUTH.

For incoming mail from MTAs at other domains, I recommend setting up
separate IP addresses that listen on port 25, since sharing port 25 for
message submission and inter-domain mail limits the anti-spam techniques
you can use. You can still use the same mail servers for both purposes if
you configure two IP addresses on each server and configure your MTA to
treat them differently. Set up a name such as mx.mydomain.com to collect
the A records, and point the MX record for mydomain.com at
mx.mydomain.com.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
ROUGH. RAIN THEN FAIR. GOOD.



More information about the bind-users mailing list
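
The layout described in the reply above can be checked mechanically. This is an added example, not part of the original post: the zone data is constructed, the addresses are RFC 5737 documentation addresses, and the function names and the simplified "owner type rdata" zone syntax are assumptions made for illustration. It checks that the certificate covers the name MUAs connect to (not the individual server hostnames), that the MX target has address records, and that the submission and MX names use separate IP addresses.

```python
# Constructed sample zone data for the layout described above; the addresses
# are RFC 5737 documentation addresses and all names are placeholders.
ZONE = """\
mydomain.com.       MX  10 mx.mydomain.com.
smtp.mydomain.com.  A   192.0.2.11
smtp.mydomain.com.  A   192.0.2.12
smtp.mydomain.com.  A   192.0.2.13
mx.mydomain.com.    A   192.0.2.21
mx.mydomain.com.    A   192.0.2.22
mx.mydomain.com.    A   192.0.2.23
"""

def parse(zone):
    """Return {(owner, rtype): [rdata, ...]} from 'owner type rdata' lines."""
    records = {}
    for line in zone.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        records.setdefault((owner.lower(), rtype.upper()), []).append(rdata.strip())
    return records

def san_matches(san, host):
    """Match a certificate dNSName against a host; '*' covers one left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def check_layout(zone, domain, submission, cert_sans):
    """Return a list of problems; an empty list means the layout is consistent."""
    rec, problems = parse(zone), []
    sub_ips = set(rec.get((submission, "A"), []) + rec.get((submission, "AAAA"), []))
    if len(sub_ips) < 2:
        problems.append(f"{submission} needs one address per submission server")
    if not any(san_matches(s, submission) for s in cert_sans):
        problems.append(f"certificate does not cover {submission}")
    if (domain, "MX") not in rec:
        problems.append(f"no MX record for {domain}")
    for mx in rec.get((domain, "MX"), []):
        target = mx.split()[1].lower()         # rdata is "<preference> <target>"
        mx_ips = set(rec.get((target, "A"), []) + rec.get((target, "AAAA"), []))
        if not mx_ips:
            problems.append(f"MX target {target} has no address records")
        if mx_ips & sub_ips:
            problems.append(f"{target} shares addresses with {submission}")
    return problems
```

A certificate issued only for an individual server's hostname fails the second check, which is the mismatch warning the MUA would show.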