[Mimedefang] ANNOUCEMENT: Net::validMX v2.2.0 now available.
Kevin A. McGrail
kmcgrail at pccc.com
Fri Jun 2 09:19:21 EDT 2006
On Fri, Jun 02, 2006 at 07:09:37AM -0400, David F. Skoll wrote:
> Kevin A. McGrail wrote:
> > Also 192.168.X.X is fine if the MX records also contains internet
> > accessible addresses. So:
> > munged.com IN MX 25 [legit ip]
> > munged.com IN MX 10 [privatized ip]
> I disagree. If you publish a 192.168.x.x record as a public MX, you
> have no idea where your mail will go. What happens if on Customer X's
> network, someone sets up a malicious server at 192.168.x.x that
> intercepts all outgoing mail and replaces it with inflammatory mail?
> IMO, any domain that publishes *any* bogus MX record should be rejected.
I *don't* configure things this way from experience years ago but the scenario above is right out of manuals for things like SAV SMTP by Symantec. It is used by legitimate firms and I've chosen to accept it to prevent collateral damage.
However, it is a constant in the code that can be changed easily and v2.3.0 will have the option overridable on a call-by-call basis. So we can agree to disagree and the module will be suitable for either point of view.
More information about the MIMEDefang