- Previous message: Olaf: "Re: block numeric MX"
- Maybe in reply to: Olaf: "Re: block numeric MX"
- Next in thread: Noel Jones: "Re: block numeric MX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Chad M Stewart (no email)
Date: Sun Jan 02 2005 - 08:34:39 EST
On Dec 31, 2004, at 8:10 PM, Craig Sanders wrote:
> On Fri, Dec 31, 2004 at 02:34:03PM +0100, Olaf wrote:
>>> Can't. You need a policy server (or maybe some spamassassin rules??)
>>> to check for a sender domain with only numerical MX records.
>>
>> Hmm... but then the name check_sender_mx_access is misleading if it
>> checks A records also.
>
> it's not misleading. it's USEFUL to be able to block mail from
> domains where
> the MX record resolves to, e.g., an RFC-1618 private address, or
> 127.0.0.1.
Actually MX records are NOT allowed to point to IPs. I'd argue that any
MX that resolves to just an IP is bogus. I personally don't care if the
IP is public or private, if they (the zone administrator/postmaster)
can't be bothered to play by the rules, then I can't be bothered to
take their mail. I can't recall the RFC at the moment, but it is
documented. MX records are also not allowed to point to CNAMEs.
Basically MX entries are allowed to resolve to A records only AFAIK.
-Chad
_\|/_
(o o)
----------------------------------------oOO-(_)-OOo------
Chad M Stewart, 80 Cinnamon Circle, Fairport, NY 14450
Phone: 585-202-6643 (voice)
http://balius.com/
"...Mac OS X, Unix, MS-DOS, and Windows [NT|XP] (also
known as the Greatest, the Best, the Bad, and the Ugly)."
---------------------------------------------------------
|
|
|