[Mimedefang] Soliciting opinions on filtering based on bad MX records

Michael Sims michaels at crye-leike.com
Thu Sep 11 17:53:01 EDT 2003


mimedefang-admin at lists.roaringpenguin.com wrote:
> --On Thursday, September 11, 2003 3:25 PM -0500 Michael Sims
> <michaels at crye-leike.com> wrote:
>
>> If they do, I test each A record, returning true if any one of the
>> records is "bogus", false otherwise.
>
> Does it make sense to reject if any host is bogus, or only if all
> are? I can imagine the case where one has deliberately seeded one's
> MX records with a bogus host (say, as the last MX entry) to catch
> naive spamware.

This may be MY naivete...but I think that such a setup is unwise.  If I, as
a legitimate mail relay, cannot access a domain's primary MX for any reason,
I'm going to try the secondary, etc.  If the secondary points to loopback,
I'm going to assume that the domain doesn't want to receive ANY mail for any
reason, and I will further assume that any mail that claims to be from the
domain in question must be a forgery.  Or worse yet, the domain in question
is a direct spam source.  In either case, it's a worthy criterion to reject
mail, IMHO.

> There are also misconfigured sites that list their internal mail
> server in their external MX records as the first host, with the
> intention that internal hosts will deliver to the internal server and
> their gateway host will forward to it

I have the same feeling on this case as I do the first one.  Maybe I'm
showing my lack of experience here, but I can't imagine anyone with such a
setup would not at least occasionally have problems receiving mail because
of it.  I think these examples can't be as prevalent as mail relays who,
say, don't pass a FQDN in the SMTP EHLO/HELO argument, or those without a
valid rDNS.  The scenarios you outline require that the DNS/mail
administrator take specific action, and I just can't see it happening that
often.  Does your experience suggest otherwise?

Thanks for the feedback...

___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648  Pager: (901)769-3722
___________________________________________
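
The "any bogus" versus "all bogus" question debated in this thread, as an added example that is not part of the original post and is not MIMEDefang filter code. It runs offline on constructed, already-resolved MX data; the `BOGUS_NETS` list, the function names and the sample domains are assumptions made for illustration.

```python
import ipaddress

# Assumed definition of "bogus": ranges a remote relay cannot deliver to.
BOGUS_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def is_bogus(addr):
    """True if a single A-record address falls in one of BOGUS_NETS."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BOGUS_NETS)

def check_domain(mx_records):
    """mx_records: list of (preference, host, [A addresses]), already resolved.

    Returns (any_bogus, all_bogus, bogus_hosts). A domain with no addresses
    at all yields (False, False, []): this check has nothing to judge, and
    Python's all([]) being True must not turn that into a rejection.
    """
    addrs, bogus_hosts = [], []
    for _pref, host, host_addrs in sorted(mx_records, key=lambda r: r[0]):
        addrs.extend(host_addrs)
        if any(is_bogus(a) for a in host_addrs):
            bogus_hosts.append(host)
    flags = [is_bogus(a) for a in addrs]
    return any(flags), bool(flags) and all(flags), bogus_hosts

# Constructed sample data modelled on the cases raised in the thread.
SAMPLES = {
    # Loopback deliberately seeded as the last MX to catch naive spamware.
    "trap-last.example": [(10, "mail.trap-last.example", ["192.0.2.10"]),
                          (99, "trap.trap-last.example", ["127.0.0.1"])],
    # Internal mail server listed first, gateway second.
    "internal-first.example": [(5, "inside.internal-first.example", ["10.1.2.3"]),
                               (10, "gw.internal-first.example", ["198.51.100.7"])],
    # Every MX points at loopback.
    "all-loopback.example": [(10, "mx.all-loopback.example", ["127.0.0.1"])],
    "clean.example": [(10, "mx.clean.example", ["203.0.113.25"])],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        any_b, all_b, hosts = check_domain(records)
        print(f"{domain}: any={any_b} all={all_b} bogus_hosts={hosts}")
```

The "any" policy flags the first three sample domains, while the "all" policy flags only the one whose every MX resolves to loopback.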



