[Mimedefang] MX -> 127.0.0.1
Fernando Gleiser
fgleiser at cactus.fi.uba.ar
Mon Sep 12 17:00:18 EDT 2005
On Mon, 12 Sep 2005, David F. Skoll wrote:
>
>> Any MX of 127.0.0.1 is not only broken but malicious. However, I'd
>> expect it to be pretty common to have multiple MX's mixing public
>> and private targets on the assumption that inside hosts would hit
>> the working private number and outside hosts would fail and then
>> connect to the public address. It's a bad assumption, since anyone
>> else might have a different server at that same private address, but
>> I'd still guess somebody does it.
>
> I would reject mail from a domain that does that. If I publish
> 192.168.1.1 as an MX record, all kinds of bad things could happen
> if outside senders sent me mail, from mail being bounced to sensitive
> information falling into the wrong hands. It's a really dumb idea
> to publish MX records that resolve to private addresses.
Exactly. If you need different MX for both inside and outside users, set up
a split DNS. For the inside users, they ask an internal DNS that answers with
the internal IPs. The external users query a public DNS that answers with
public IPs.
It's easy to set up and solves a bunch of problems. There's no excuse for
publishing RFC1918's IPs in a public DNS.
Fer
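
The policy discussed in this thread (reject a sender domain whose public MX set contains a loopback or RFC 1918 target, including the mixed public/private case), sketched as an added example that is not part of the original message or of MIMEDefang. The function names and sample domains are constructed, and the addresses are assumed to have been resolved already.

```python
import ipaddress

# Loopback plus the three RFC 1918 blocks: the address classes named in the thread.
NON_PUBLIC = [
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("loopback", ipaddress.ip_network("::1/128")),
    ("rfc1918", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918", ipaddress.ip_network("192.168.0.0/16")),
]

def classify(addr):
    """Label a loopback/RFC 1918 address; return None for anything else."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparseable"
    for label, net in NON_PUBLIC:
        if ip in net:
            return label
    return None

def bogus_mx(mx_answers):
    """mx_answers maps MX hostname -> list of already-resolved address strings.
    Returns a sorted list of (hostname, address, label) for every bad target."""
    hits = []
    for host, addrs in mx_answers.items():
        for addr in addrs:
            label = classify(addr)
            if label is not None:
                hits.append((host, addr, label))
    return sorted(hits)

def verdict(mx_answers):
    """Reject the sender domain if any published MX target is non-public,
    even when other MX hosts in the same set are fine (the mixed case)."""
    hits = bogus_mx(mx_answers)
    return ("REJECT" if hits else "ACCEPT", hits)

# Constructed sample data: what an outside resolver would be told.
# 192.0.2.25 is a documentation address standing in for a real public IP.
SPLIT_DNS_PUBLIC_VIEW = {"mx1.example.com": ["192.0.2.25"]}
MIXED_SET = {"mx-in.example.net": ["192.168.1.1"],
             "mx-out.example.net": ["192.0.2.25"]}
LOOPBACK_ONLY = {"mail.example.org": ["127.0.0.1"]}

if __name__ == "__main__":
    for name in ("SPLIT_DNS_PUBLIC_VIEW", "MIXED_SET", "LOOPBACK_ONLY"):
        print(name, verdict(globals()[name]))
```

With split DNS, only the internal resolver ever answers with the 192.168.x.x target, so the public view passes this check.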