Alternative to Wildcard MX record

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Wed May 23 00:14:26 UTC 2001 

> 
> Hi,
> 
> I would like all incoming mail (including mail addressed to
> randomhost.domain.com) to be sent to a single server mailhost.domain.com  
> Then I could do lots of nice simplifications like:
> 
>   - shut down port 25 on local hosts 

	This is a good thing to do.  You still need to run sendmail in
	queue checking mode only (-q<interval> no -bd) or from cron (-q)
	to pick mail queued due to temporary failures.

>   - possibly run some single point virus scan before 
>     delivering the mail
>   - have really simple client sendmail.cf, i.e. generated by the mc file
> 	divert(-1)
> 	divert(0)dnl
> 	VERSIONID(`xxxxxxxxxx')
> 	OSTYPE(solaris2)dnl
> 	FEATURE(nullclient, $m)

	Done similar in the past.  I works.

> 
> I know wildcard MX records are a bad idea, so what other ways can I
> accomplish this domain level funnel for incoming mail? I have tried the
> following and none of them are really as clean as I'd like:
> 
> 1.  Add all my hosts to /etc/mail/local-hosts-names
>     This works, but every time I add a host to my network I have to 
>     update this file too.  Yuk.  Also prone to errors.  Are there wildcard
>     allowed here?  I haven't looked at the sendmail code...

	You need to do this or teach sendmail on your main machine to strip
	off the host component.  There is most probably a knob to do this
	already.

> 
> 2.  Add MX records for each host in DNS.  Also Yuk.  Adds more traffic to
>     DNS server, makes zone file twice as big, it has to be updated each
>     time a host is added.  (This is not so bad since I have to add the A
>     record to DNS anyway, but it still seems like extra effort when I know
>     every MX record is going to be the same in advance), and when I tried
>     this I got the mail loops back to self problem... Hmmmm.

	If you want all incoming mail funnelled through a single point you
	need to do this.  If will actually reduce the number of queries
	as the MTA's will query for the MX records.  You can handback a MX
	record with a reasonable TTL (e.g. 1 day) or hand back a negative
	answer which if you are lucky will be cached for upto 3 hours but
	may not be cached at all.  Also once they have the MX record they
	don't need to query for the A record.

> 
> I'm posting this to comp.mail.sendmail and to the bind mailing list since
> a good solution could come from either DNS or sendmail (or both!)
> 
> Thanks,
> Lew Lefton
> 
>  -----------------------------------------------------------------------
> | Lew Lefton, IT Director         | Phone:     (404) 385-0052           |
> | School of Mathematics           | FAX:       (404) 894-4409           |
> | Georgia Institute of Technology | e-mail:    llefton at math.gatech.edu  |
> | Atlanta, GA  30332-0160         | http://www.math.gatech.edu/~llefton |
>  -----------------------------------------------------------------------
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list