Klez bypasses MX records
Joseph S D Yao
jsdy at center.osis.gov
Thu Oct 3 23:38:22 UTC 2002
On Thu, Oct 03, 2002 at 07:31:48PM -0400, Kevin Darcy wrote:
> I agree with the suggestion that web servers should be separated from mail
> servers, but in addition to that, I think it might behoove you to actually block
> port 25 to the mail server and/or configure the mail server to only accept mail
> from the anti-virus scanner. Removing the A record for tcoe.org is effectively
> only Security Through Obscurity, since your extranet can be scanned for port 25...
I didn't suggest this because he has his SMTP server on a lower-priority
MX record, presumably in case the AV server goes down.
It is possible to set up your SMTP server so that any e-mail NOT coming
from the AV server gets sent there, first.
--
Joe Yao jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
PLEASE ... send or Cc: all "OSIS Systems Support"
mail to sys-adm at center.osis.gov
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
More information about the bind-users
mailing list