spam filter and MX records
Merton Campbell Crockett
m.c.crockett at adelphia.net
Wed Feb 1 03:08:20 UTC 2006
On 31 Jan 2006, at 15:20 PST, barber.greg at gmail.com wrote:
> Well it's kind of a strange setup the mailer and the webmail interface
> all reside on machine. Prior to the filter being put in place no MX
> existed for this machine it was only an A record set to the email
> domain so instead of being mail.xyz.123.edu or mx.xyz.123.edu it's A
> record was just xyz.123.edu. I thought in a situtation like this the
> change would be warranted in case the filters went offline foreign
> mailers would sense that xyz.123.edu was down and requeue the message
> instead of delivering straight to xyz.123.edu via the A record.
I presume from your comments that xyz.123.edu is a subdomain of the
parent 123.edu domain and that an A record had been defined to allow
mail to be sent to "user.mailbox at xyz.123.edu". Further the A record
that is associated with the domain name contains the IP address of
the mail server.
For robustness, the strategy employed by sendmail and Exchange's IMS
is to query DNS for any record associated with xyz.123.edu. The DNS
response will contain A, MX, NS, and any other associated record.
If an MX record exists, sendmail and IMS will prefer to use this to
deliver mail and will select the MX record with the lowest preference
value. If the system with the lowest preference value is not
reachable, they will attempt to deliver mail using an MX record with
a higher preference value. If all of the systems identified in MX
records are unreachable and there is an A record for the resource,
they will attempt to deliver the mail using the A record.
If you want all your mail relayed through a defined mail exchange
system and never directly, you need to specify on one of your MX
records a preference value of 0. This informs sendmail and IMS that
you will only accept mail relayed through this system.
Most of the mail systems that don't understand MX records have been
retired. There are a few still out there. To address this type of
system, I would set the subdomain's A record to the address of your
preferred or only mail exchange system: in your case, the mail
filter system.
As you can see, a part of the problem is understanding how systems
make use of the information in DNS.
Merton Campbell Crockett
m.c.crockett at adelphia.net
More information about the bind-users
mailing list