Re: [Exim] Slightly OT DNS<->MTA problem

Author: Exim Users Mailing List
Date:  
To: Sascha E. Pollok
CC: exim-users, sv
Subject: Re: [Exim] Slightly OT DNS<->MTA problem
[ On Thursday, March 29, 2001 at 11:06:34 (+0200), Sascha E. Pollok wrote: ]
> Subject: [Exim] Slightly OT DNS<->MTA problem
>
> this might have been discussed before and is somewhat related
> to DNS and not to EXIM but imagine a customer has a zone-file
> like this:
>
> @        IN MX mail.customer.com.
>          IN MX 2nd-mail.isp.com.
>
> www      IN A  192.168.1.1
> mail     IN A  192.168.1.2
>
> And the customer wants his web-site to be accessible through
>
> http://customer.com additionally, we could put a CNAME in
> the zone file or:
>
>          IN A  192.168.1.1
>
> What we get then is, that some MTAs try to send SMTP-mail
> to that host instead of looking up the MX-records. Is there
> any chance to circumvent this?


Well first off you cannot put a CNAME in the zone file for what would
amount to "@ IN A 192.168.1.1". CNAMEs must never have any other
records with the same name. That's flatly illegal.

What you want is a zone file that looks like this (substituting the real
IP# for 192.168.1.1, of course):

    $TTL 4h        ; default TTL

    @    IN SOA    ns.customer.com. postmaster@???. (
                2001032900    ; Serial (yyyyMMddHH)
                4h        ; Refresh period
                2h        ; Refresh retry interval
                1w        ; Expire (stop serving if no refresh succeeds)
                4h )      ; Negative response (NXDOMAIN) TTL
        IN NS    ns.customer.com.
        IN NS    ns.isp1.com.
        IN NS    ns.isp2.com.
        IN A    192.168.1.1        ; for http://customer.com/
        IN MX    0 mail.customer.com.

    www    IN A    192.168.1.1
        IN MX    0 mail.customer.com.    ; use www if it has a mailer

    mail    IN A    192.168.1.2
        IN MX    0 mail.customer.com.


No more, no less. (well, more hosts are OK, but those are out of the
scope of this example)

You really really really do *NOT* want any secondary MXs. If the mail
host is not reachable then you want the mail to queue on the sender's
machine, not the ISPs, and you definitely don't want to have fights with
the ISP over what spam should be blocked and what should not. No
permanently connected mailer should *ever* have a secondary MX in
today's Internet (let alone need one!).

You don't really want any wildcard MXs either -- they only make the
postmaster's job into a nightmare.

-- 
                            Greg A. Woods


+1 416 218-0098      VE3TCP      <gwoods@???>      <robohack!woods>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>
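As an added illustration (not code from the thread or from Exim), the following script re-types the corrected zone above with a placeholder SOA contact, parses it, flags the CNAME-at-apex mistake the question considered, and computes which host an MX-respecting MTA would try for mail to each name. `parse_zone`, `cname_conflicts` and `mail_targets` are hypothetical helper names; the zone text and the constructed single-MX preference of 0 mirror the reply.

```python
import re

# Constructed input: the corrected zone from the reply, with a placeholder
# SOA contact (postmaster.customer.com.) standing in for the redacted one.
GOOD_ZONE = """\
$TTL 4h
@       IN SOA  ns.customer.com. postmaster.customer.com. (
                2001032900 4h 2h 1w 4h )
        IN NS   ns.customer.com.
        IN A    192.168.1.1  ; for http://customer.com/
        IN MX   0 mail.customer.com.
www     IN A    192.168.1.1
        IN MX   0 mail.customer.com.
mail    IN A    192.168.1.2
        IN MX   0 mail.customer.com.
"""
# Illegal variant: a CNAME at the apex beside the SOA/NS/MX records.
BAD_ZONE = GOOD_ZONE.replace("IN A    192.168.1.1  ; for http://customer.com/",
                             "IN CNAME www.customer.com.")

def parse_zone(text, origin):
    """Minimal parser: $TTL, ';' comments, '@', blank-owner continuation and
    parenthesised multi-line records. Returns (owner, type, rdata) tuples."""
    stripped = "\n".join(line.split(";")[0] for line in text.splitlines())
    joined = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), stripped)
    records, owner = [], None
    for line in joined.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        if not line[0].isspace():            # explicit owner; else reuse previous
            owner, line = line.split(None, 1)
            owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        tokens = line.split()
        if tokens[0] == "IN":                # class is optional here
            tokens = tokens[1:]
        records.append((owner, tokens[0], tokens[1:]))
    return records

def cname_conflicts(records):
    """Owners carrying a CNAME next to any other record: never legal."""
    types = {}
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)
    return sorted(o for o, t in types.items() if "CNAME" in t and len(t) > 1)

def mail_targets(records, name):
    """Hosts an RFC 2821 MTA tries for mail to <name>, best preference first.
    With no MX at all the implicit MX is the name's own A record."""
    mx = sorted((int(r[0]), r[1]) for o, t, r in records if o == name and t == "MX")
    if mx:
        return [host for _, host in mx]
    return [name] if any(o == name and t == "A" for o, t, _ in records) else []
```

With the corrected zone every name that has an A record also has an explicit MX, so a well-behaved MTA never falls back to the web server's address; the CNAME variant is rejected outright by the conflict check.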