From: Keith Matthews (no email)
Date: Sat Dec 01 2001 - 04:20:46 EST
Sender,
UNEXPECTED_DATA_AFTER_ADDRESS at dot SYNTAX-ERROR dot
In-Reply-To: <>
References: <3C052225 dot 00001B dot 00553 at ns dot interchange dot ca> <news2mail-9u3jvr$3ac$2 at babel dot spoiled dot org> <7c667t9w33 dot fsf at jdlnx dot coresw dot com>,
<>
X-Mailer: Mahogany, 0.60 'Redmond', compiled for Linux 2.2.13 i686
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-Disposition: INLINE
On Fri, 30 Nov 2001 12:10:45 +0100 Erwan David <Erwan David <Erwan dot David at tr=
usted-logic.fr>> wrote:
> Le Thu 29/11/2001, Bryan Howard disait
> > Juri Haberland <> writes:
> > > You missunderstand the situation. Often you see network setups where =
a
> > > internal mail server sits behind a NATing firewall. It gets its mail
> > > via port forwarding and sends its mail via masquerading. So it
> > > uses in the EHLO/HELO command its FQDN which is a internal name that
> > > often is not resolvable in the Internet. One way to deal with servers
> > > that you prefer is to include the hostname in the external DNS and
> > > give it the IP of the firewall. I don't like this solution, but I
> > > didn't came across a better solution.
> >=20
> > That's one way to handle it. On the other hand, it seems to me that a
> > better way to handle it is to add an MX record for the NATed mail
> > server which directs mail to the host with the externally visable
> > address.
> >=20
> > Please remember that for purposes where an FQDN must resolve, it
> > doesn't necessarily have to resolve to an A record. That's what MX
> > records are *for*.
> That's far easier to do, but does not fit in the sche used by Roger
> Buck (if there is no A record, drop). I would think "If there is
> neihter A nor MX then drop"
Sorry, this does not work.
I get my mail from my ISP by SMTP. I have difficulty checking, but I'm
sure my public MX record points to the ISP's mail servers as I'm on a
dial-up.=20
My firewall has a valid A record, probably visible at all times since
I have a static IP. It has no MX record unless the ISP is doing
something strange every time I connect/disconnect. So how would the
ISP's mail servers talk to mine according to your rules.
(they do not forbid me sending mail directly BTW, although I find it
more convenient not to.)
The problem with many of this type of rule is that they are broken by
smarthosts.
-- Keith Matthews Frequentous Consultants - Linux Services,=20 =09=09Oracle development & database administration - To unsubscribe, send mail to with content (not subject): unsubscribe postfix-users
|
|
|