Re: smtp redirection

[Tom Bossie <tbossie () CITADEL COM>]

Yes...but we are still in the realm of middle earth!

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
Sent: Tuesday, May 10, 2005 3:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] smtp redirection

On Tue, 10 May 2005 14:32:09 CDT, John said:

> We are redirecting smtp traffic inbound to some campus mail servers via MX
> records in our DNS to an anti-spam appliance (Bluecat Meridius) and find
> some email circumvents the appliance apparently by using DNS IP lookup for
> host resolution and not using MX records to send mail to mail servers on
our
> campus. The vendor recommends blocking inbound port 25 to the campus mail
> servers from the internet. I favor this approach. However the mail folks
are
> concerned that some legitimate email may be dropped this way.

It's been *many* moons since anything except ratware failed to do MX
handling
in some reasonable manner.  I mean, come *ON*, MX records were defined in
RFC973.

Back in January 1986.

If your mail folks can identify a system *still* on the Internet that's
running
software *so* old that it can't do MX, please let me know - as far as I
know,
all systems that stored 6 6bit, 5 7-bit, or 4 9-bit characters in a 36-bit
word
had long since boarded the Elven ships at the Grey Havens and passed into
the
West, taking their magic and mystery with them.



**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Attachment: smime.p7s
Description: