[Wolves] MX records

Simon Burke simon.burke at gmail.com
Thu Feb 17 15:28:00 GMT 2005


On Thu, 17 Feb 2005 15:16:29 +0000 (GMT), chris procter
<chris-procter at talk21.com> wrote:
>  --- Simon Burke <simon.burke at gmail.com> wrote:
> > HI,
> >
> > Currently my mail server (exchange) :( is currently
> > setup to just poll
> > a pop3 account for e-mail. Which IMO is a waste of
> > the exploitive cost
> > of exchange,
> 
> Actually this setup works reasonably if you expect
> your  net connection between the (presumably
> externally hosted) pop3 server and your (internally
> hosted) exchange server to be unreliable. Mail will
> build up on the pop3 server untill exchange next
> manages to get a connection to it and download the
> emails, wether the connection is down 5 minute or 5
> years. Of course it still doesn't need to be exchange,
> a *nix mailserver could poll just as well.
> 
It's the *nix server can poll just as well bit i was referring to, If
it was up to me thats how i prefer to do it, but they insist on
exchange as it 'flawlessly' integrates with AD.

> > At the momment they are saying 'oh, its less secure
> > to do it via MX
> > records' (and i get the impression that they don't
> > understand how
> > e-mail works corectly).
> 
> Ahem. find a box with nslookup installed and try
> nslookup -type=mx microsoft.com
> and you'll find the mx records for microsoft, if that
> doesn't ease your security fears ( ;-) ) then try
> nslookup -type=mx cia.gov
> nslookup -type=mx nsa.gov
> 
> Which gives you the CIA and the NSA (a bit of digging
> gave me gchq.co.uk as well) mx records respectivly and
> if they're not worried about security well does your
> company expect the KGB to be interested in them?

Yet again they are huge fans of M$ though they are showing an interest
in open-sourced technologies. Thats why i am here, to show them the
way, (don't you feel sorry for them?) heh

> 
> >From a security point of view MX records are not
> really a risk, all the risks come from running a
> mailserver. Are they getting confused between MX
> records and the server that the MX records point to?
> If the MX records point to you (rather then an ISP) it
> means you're running your own mailserver and so have
> to deal with that set of security risks yourself
> instead of paying your ISP to deal with them.
> 
This is true, the main issue i have is that the y pretty much always
believe common misconceptions and fallacies, and so i have to try and
correct them, though the dont like to admit being wrong.
-- 
Theres no place like ::1

Thanks,
SimonB

http://simon.geek-web.co.uk



More information about the Wolves mailing list