[Wolves] MX records

Jon Masters jonathan at jonmasters.org
Thu Feb 24 04:13:57 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jon Farmer wrote:

| Simon Burke wrote:
|
|> At the moment they are saying 'oh, it's less secure to do it via MX
|> records' (and I get the impression that they don't understand how
|> e-mail works correctly).

| It's impossible to do SMTP mail exchange without MX records over the
| internet.

[ anal pedant hat on ]

Actually, I also thought this until recently. But it's technically not.
In fact, the standard says that a mail server should fall back to using
the A record for a domain and try squirting the mail data there. It also
happens to be true that M$ et al screw this up badly so you need MX.

The people Simon is dealing with likely feel that running a mail server
listening to the outside world at large introduces security risks.
They're obviously right too. But the point is that these risks can be
somewhat mitigated if things are done right.

I suggest sticking something in front of Exchange if it is to receive
mail from offsite connections - I've done transparent exim proxying in
the past, in order to avoid the situation where one is reliant on
Exchange not being ridden with more holes than Swiss cheese.

Cheers,

Jon.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCHVR0eTyyexZHHxERAjVmAJ9xZy3ZNG9tvCZV6QdewgrFDLx2UQCfVfpd
HRIBlNgMjZ0a49P6Bzrkm98=
=CLan
-----END PGP SIGNATURE-----
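
The A-record fallback mentioned in the message above is the "implicit MX" rule of RFC 5321 section 5.1. The following is an added example, not part of the original post: it resolves delivery targets against a constructed in-memory zone (all names and addresses are made up) and goes slightly beyond the post by also handling the "null MX" of RFC 7505.

```python
# Constructed sample zone data (not real DNS): name -> record type -> values.
ZONE = {
    "mx-example.test": {"MX": [(20, "backup.mx-example.test"),
                               (10, "mail.mx-example.test")]},
    "mail.mx-example.test": {"A": ["192.0.2.10"]},
    "backup.mx-example.test": {"A": ["192.0.2.20"]},
    "a-only.test": {"A": ["192.0.2.30"]},                      # no MX at all
    "nullmx.test": {"MX": [(0, ".")], "A": ["192.0.2.40"]},    # RFC 7505 null MX
    "broken-mx.test": {"MX": [(10, "gone.broken-mx.test")],    # MX target has no A
                       "A": ["192.0.2.50"]},
}


def lookup(name, rtype):
    """Hypothetical resolver stub: answers only from the ZONE table above."""
    return ZONE.get(name.rstrip(".").lower(), {}).get(rtype, [])


def delivery_targets(domain):
    """Return [(preference, host, addresses)] in the order a sender would try."""
    mx = lookup(domain, "MX")
    if not mx:
        # No MX records: treat the domain itself as an implicit MX with
        # preference 0 and deliver to its address record, if it has one.
        addrs = lookup(domain, "A")
        return [(0, domain, addrs)] if addrs else []
    if len(mx) == 1 and mx[0] == (0, "."):
        # Null MX: the domain states explicitly that it accepts no mail.
        return []
    targets = []
    # Lowest preference first (a real sender randomises equal preferences).
    for pref, host in sorted(mx):
        addrs = lookup(host, "A")
        if addrs:
            targets.append((pref, host, addrs))
    # MX records exist, so the domain's own A record is never a fallback,
    # even when every MX target turns out to be unusable.
    return targets


if __name__ == "__main__":
    for d in ("mx-example.test", "a-only.test", "nullmx.test", "broken-mx.test"):
        print(d, "->", delivery_targets(d))
```

For the a-only.test case the sender connects straight to the domain's own address, so leaving out MX records does not by itself keep SMTP traffic away from a host that listens on port 25.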


