spam filter and MX records

Merton Campbell Crockett m.c.crockett at adelphia.net
Wed Feb 1 03:08:20 UTC 2006 

On 31 Jan 2006, at 15:20 PST, barber.greg at gmail.com wrote:

> Well it's kind of a strange setup the mailer and the webmail interface
> all reside on machine. Prior to the filter being put in place no MX
> existed for this machine it was only an A record set to the email
> domain so instead of being mail.xyz.123.edu or mx.xyz.123.edu it's A
> record was just xyz.123.edu. I thought in a situtation like this the
> change would be warranted in case the filters went offline foreign
> mailers would sense that xyz.123.edu was down and requeue the message
> instead of delivering straight to xyz.123.edu via the A record.

I presume from your comments that xyz.123.edu is a subdomain of the  
parent 123.edu domain and that an A record had been defined to allow  
mail to be sent to "user.mailbox at xyz.123.edu".  Further the A record  
that is associated with the domain name contains the IP address of  
the mail server.

For robustness, the strategy employed by sendmail and Exchange's IMS  
is to query DNS for any record associated with xyz.123.edu.  The DNS  
response will contain A, MX, NS, and any other associated record.

If an MX record exists, sendmail and IMS will prefer to use this to  
deliver mail and will select the MX record with the lowest preference  
value.  If the system with the lowest preference value is not  
reachable, they will attempt to deliver mail using an MX record with  
a higher preference value.  If all of the systems identified in MX  
records are unreachable and there is an A record for the resource,  
they will attempt to deliver the mail using the A record.

If you want all your mail relayed through a defined mail exchange  
system and never directly, you need to specify on one of your MX  
records a preference value of 0.  This informs sendmail and IMS that  
you will only accept mail relayed through this system.

Most of the mail systems that don't understand MX records have been  
retired.  There are a few still out there.  To address this type of  
system, I would set the subdomain's A record to the address of your  
preferred or only mail exchange system:  in your case, the mail  
filter system.

As you can see, a part of the problem is understanding how systems  
make use of the information in DNS.


Merton Campbell Crockett
m.c.crockett at adelphia.net

More information about the bind-users mailing list