need organizational hint

Phil Howard phil-info-cyrus at ipal.net
Sun Apr 13 19:46:27 EDT 2003


On Sun, Apr 13, 2003 at 01:55:04AM -0700, David Lang wrote:

| Phil,
|   I think I do understand what you are looking for and I think there is a
| use for it. however one problem with having no secondary MX is that if
| your machine is unreachable there are some #@!@#$ MTA's that will end up
| sending the mail to the A record for your domain instead of waiting and
| sending it to the MX record when it comes up. if you create domain names
| exclusively for e-mail this can be made to work correctly, but in most
| cases today people want e-mail for domain.com to go to one server and HTTP
| traffic for that domain to go to another. since DNS contains the MX record
| to redirect the mail but there is not a nice way to redirect the web
| traffic domain.com frequently ends up pointing to the same IP address as
| www.domain.com. the result is MTA's that attempt to deliver mail to your
| webservers.

So the web server won't have anything listening on port 25.  That won't
prevent it from sending mail if it needs to, and that won't prevent it
from picking up mail from the mail server (when it comes back up) via
IMAP.


| for your job it sounds like a compile option for cyrus to run sieve
| earlier in the receiving process and the corresponding options for
| rejecting messages combined with a very small shim to be the MTA->LMTP
| layer would do the job. for starting code for the MDA part I would suggest
| looking into SMTP application proxies, since LMTP isn't designed to be
| exposed to the world it's more likely that there are bugs lurking there
| than in areas that are more exposed and the SMTP proxies do this sort of
| checking (and the IP blacklisting you are also looking for) already. I
| know that there are some proxies out there that do connect to the real
| destination and pass the result code from it back to the sending machine
| (the Raptor firewall proxy does this for example, I don't know what
| opensource proxies also do this)

That's one thing I was considering writing.  But I'll take a look at any
existing programs if you know of their names, or URLs, or a place to grab
a list of them, or a good google keyword.

-- 
-----------------------------------------------------------------
| Phil Howard - KA9WGN |   Dallas   | http://linuxhomepage.com/ |
| phil-nospam at ipal.net | Texas, USA | http://ka9wgn.ham.org/    |
-----------------------------------------------------------------
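
An added example, not part of either message above: a small Python model of the sender-side behaviour under discussion, run over constructed DNS data. The names ZONE, candidates, route and fallback_to_a are made up for illustration, and it assumes a sender treats a refused connection as a temporary failure.

```python
# Constructed DNS data (addresses from the 192.0.2.0/24 documentation range).
ZONE = {
    "domain.com": {"MX": [(10, "mail.domain.com")], "A": ["192.0.2.80"]},  # A = web server
    "mail.domain.com": {"A": ["192.0.2.25"]},
    "nomx.example": {"A": ["192.0.2.90"]},  # hypothetical domain with no MX at all
}


def candidates(domain, zone=ZONE):
    """Hosts a standards-following MTA may try, in preference order."""
    rec = zone.get(domain, {})
    mx = sorted(rec.get("MX", []))
    if mx:
        return [host for _, host in mx]
    # Implicit MX: the domain's own address is a target only when no MX exists.
    return [domain] if rec.get("A") else []


def route(domain, listening, fallback_to_a=False, zone=ZONE):
    """Return (action, ip); `listening` is the set of IPs accepting port 25."""
    for host in candidates(domain, zone):
        for ip in zone.get(host, {}).get("A", []):
            if ip in listening:
                return ("deliver", ip)
    rec = zone.get(domain, {})
    if fallback_to_a and rec.get("MX"):
        # The misbehaviour from the quoted message: every MX is down, so the
        # sender tries the domain's A record, which is the web server here.
        for ip in rec.get("A", []):
            if ip in listening:
                return ("deliver", ip)
    # Assumption: a refused or timed-out connection is a temporary failure.
    return ("queue", None)


if __name__ == "__main__":
    mail_down_web_smtp = {"192.0.2.80"}   # mail host down, web host has an SMTP listener
    mail_down_web_closed = set()          # mail host down, nothing on port 25 anywhere
    print(route("domain.com", mail_down_web_smtp))                      # compliant sender
    print(route("domain.com", mail_down_web_smtp, fallback_to_a=True))  # misdelivery
    print(route("domain.com", mail_down_web_closed, fallback_to_a=True))
```

With no listener on port 25 at the web server's address, even the misbehaving sender in this model ends up queueing the message for the MX host.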



