[Mimedefang] DNS and MX records
netguy at sound-networking.com
Sun May 14 08:53:30 EDT 2006
John Rudd wrote:
> Why not have:
> - domain.tld have an A record (IP addr A)
> - web server listens to IP addr A on a virtual network interface. (in
> addition to listening to its regular IP addr on whatever other network
> interface it already has)
> - the only ports listening on IP addr A are the web services (nothing
> on port 25, nothing on sshd, nothing on 110, etc.). It can listen to
> whatever it wants to on its other IP addr, but on IP addr A it _ONLY_
> listens to web services.
> - the web services running on IP addr A only offer HTTP level
> redirects to the normal web server IP addr (ie. not html tags that
> redirect, but actual low level http protocol redirects)
I am a small provider ( tiny ) and have multiple hosted domains behind a
firewall with smtp,pop3, imap and www all pointing to a server behind
the firewall. I can't seperate out the ports. Having another machine
just for www doesn't make any sense to me as my current machine does not
use much CPU power as it is and it would just add to the overhead.
Note that since you are advocating an A record for domain.tld, this does
nothing for the network bandwidth that the spammers would consume. Sure
it is not much now, but.... who knows?
> So, Lazy users who connect to http://domain.tld/* will get a redirect
> to http://www.domain.tld/* Everyone else, including spammers that
> directly connect to domain.tld:25, who try to connect to domain.tld
> (IP addr A) will get nothing. Whether or not you want to give an MX
> record to domain.tld so that it can route email is entirely optional
> at that point.
More information about the MIMEDefang