[Mimedefang] DNS and MX records

John Rudd john at rudd.cc
Sun May 14 17:59:11 EDT 2006


On May 14, 2006, at 5:53 AM, netguy wrote:

> John Rudd wrote:
>
> [snip]
>
>> Why not have:
>>
>> - domain.tld have an A record (IP addr A)
>>
>> - web server listens to IP addr A on a virtual network interface. (in 
>> addition to listening to its regular IP addr on whatever other 
>> network interface it already has)
>>
>> - the only ports listening on IP addr A are the web services (nothing 
>> on port 25, nothing on sshd, nothing on 110, etc.).  It can listen to 
>> whatever it wants to on its other IP addr, but on IP addr A it _ONLY_ 
>> listens to web services.
>>
>> - the web services running on IP addr A only offer HTTP level 
>> redirects to the normal web server IP addr (i.e. not html tags that 
>> redirect, but actual low level http protocol redirects)
>>
> I am a small provider ( tiny ) and have multiple hosted domains behind 
> a firewall with smtp, pop3, imap and www all pointing to a server 
> behind the firewall.  I can't separate out the ports.  Having another 
> machine just for www doesn't make any sense to me as my current 
> machine does not use much CPU power as it is and it would just add to 
> the overhead.

As someone else pointed out, my suggestion doesn't require multiple 
machines, it requires 1 machine with multiple public IP addresses.  
This does depend on what type of firewall you're using (a real 
firewall, or a NAT box) and how/whether it deals with multiple public 
IP addresses ... and how many public IP addresses you have/can-get from 
your upstream provider.


> Note that since you are advocating an A record for domain.tld, this 
> does nothing for the network bandwidth that the spammers would 
> consume.  Sure it is not much now, but....  who knows?

The only bandwidth they'll consume are the attempted TCP connects which 
will be refused (because no port is listening at that IP address).  
Tiny compared to them trying to submit actual messages.



