[Mimedefang] Mail Admin Question

John Nemeth jnemeth at victoria.tc.ca
Fri Aug 17 15:12:38 EDT 2012


On Jan 7,  8:44am, "Kevin A. McGrail" wrote:
} On 8/17/2012 1:49 PM, David F. Skoll wrote:
} > Proficiency at installing Exchange is *inversely* correlated with
} > competence.
} >> Wow ... where did all this come from?
} > Years of customer support for lots of small businesses who use
} > Exchange.
} Now you missed the perfect snarky moment to tell Jon we were actually 
} talking about him.
} > Pop quiz: How many Microsoft shops do you know who name all their
} > servers with FQDNs ending in ".local" or ".lan"?  How many Microsoft
} > Exchange installations do you know that don't reject nonexistent RCPT:
} > commands?  (Answer to both questions: Most of them.)
} To play devil's advocate, I actually can put a good spin on both of these.
} 
} A) Microsoft's Active Directory Domains pre-date the general concept of 
} Internet Domains.  When the two got combined it causes a lot of issues 
} and especially causes issues when an AD thinks it is named, for example, 
} rp.com but isn't authoritative for DNS.
} 
} The "correct" solution is to name the server locally rp.local since it 
} isn't a real internet domain and then use rp.com in the FQDN for the 
} forward facing ports like SMTP.

     Maybe for systems that have been around for a long time.  New
installs should be perfectly fine using a proper internet domain.

} And to Microsoft's credit, I'm pretty sure this has been in their best 
} practices for at least a decade.  I believe starting with SBS 2003 they 
} now enforce using .local because that's really for Active Directory.

     Not surprising, given the target market for SBS.

} B) Many people, Microsoft included, consider responding to nonexistent 
} RCPT commands as a security vulnerability because it answers whether an 
} account is valid or not.  A search of PrivacyOptions and noexpn, novrfy 
} will validate that this isn't just Microsoft's position.

     Uh, e-mail addresses don't necessarily map directly to accounts,
and in large systems they usually don't.  Really, this is nonsense.
And, backscatter is extremely anti-social behaviour.

}-- End of excerpt from "Kevin A. McGrail"


