From: "Gerardo Gregory" <[EMAIL PROTECTED]>

> Well if he would post the domain in question then I would consider your
> point. But all I have read today is using "brokendomain.com" as an
> example.

If you are referring to me as 'he', I will answer your question.  I do not
wish to cause the admin of this ISP any additional grief that I am causing
him directly (i.e. I don't want people flaming him).  I can give you all the
information you wish without revealing the domain, and I also am not
interested in you fixing my problems.  My question is a simple one:  "Does
courier accept email from a domain with the first three MX records broken".

> How do you know what MX record is working or not?  What's the domain name?
> Let me do some queries using nslookup, then I might be more open to
> discussion.
>

You question the term broken; I have explained several times that the term
broken for the first two entries implies that they do not have corresponding
'A' records.  The third MX has an IP address in place of a hostname.  These
are obviously broken.  The program 'testmxlookup', which tests the rfc1035
code reaffirms this.

> Because all I have read is sounding more and more like a crock of ____
> (ADLIB)

I am confused by your emotional response to my posts.  Perhaps you are
saddened that you can't run your script-kiddies on the domains that I am
writing about?

I'm not attempting to make changes to any RFCs nor do I desire that courier
'act' like sendmail.  I only have a legitimate question that I have not yet
seen a response, perhaps I need to run courier in GDB in order to find the
answer to this question.

>
> Especially when it was stated that these were broken for security sakes.
> Yeah right! The KRAFT security architecture [RFC 10101010101] - swiss
> cheese style!!!
>
> Maybe that admin can give a presentation at a SANS conference and explain
> his ideology of securing your SMTP server by "breaking" [whatever breaking
> means] MX records...'us' in the security field are anxious to deploy this
> method as quickly as possible since then we won't have to "fidget with
> sendmail" as was stated in his earlier post [laziness if you ask me].
>
> Furthermore read the subject...it says first TWO mx entries are bad, then
> read the threads posted all day, where the story becomes only one bad MX
> entry and two legit for spam boxes...
>
> The information provided changes over and over...
>
> I referred the RFC in case you feel the need to change the definition of a
> legit MX record in RFC 1035 (or STD 0013). RFC [2926] tells you how to
> submit your request, so they can revise the standard and define a broken MX
> for all of us who only know one type of MX record...Now where is a broken MX
> stated in the definition below?  THERE IS ONLY ONE TYPE OF MX RECORD,
> ANYTHING ELSE IF PLACED INSIDE THE RECORD FIELD IS INCORRECT.  NOW WHAT IS
> SO HARD TO UNDERSTAND ABOUT THAT!!!!!!!!!!!!!!
>
> 3.3.9. MX RDATA format
>
>    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
>    |                  PREFERENCE                   |
>    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
>    /                   EXCHANGE                    /
>    /                                               /
>    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
>
> where:
>
> PREFERENCE      A 16 bit integer which specifies the preference given to
>                this RR among others at the same owner.  Lower values
>                are preferred.
>
> EXCHANGE        A <domain-name> which specifies a host willing to act as
>                a mail exchange for the owner name.
>
> MX records cause type A additional section processing for the host
> specified by EXCHANGE.  The use of MX RRs is explained in detail in
> [RFC-974].
>
>
> Anyway...do whatever you feel.."break" all of them for all I care...see how
> far that gets you in the real world.
>
> Gerardo
>
> Roger B.A. Klorese writes:
>
> >> Explain me your ideology here...it is either a CORRECT one or NOT.
> >
> > It doesn't matter if any of them are incorrect/broken.  It only matters if
> > *all* of them are.  Just as you shouldn't refuse to access foo.bar.com
> > because an A record for zap.bar.com is malformed, you shouldn't refuse to
> > try the 7th MX for bar.com because the 3rd one is malformed.
> >
> >> Now if you want the acceptance of broken MX records are being
> >> legitimate DNS
> >> entries by the internet community then I refer this again > RFC 2926
> >
> > What does 2926 have at all to do with MX records?
> >
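
Added example, not part of the original mail and not Courier's code: it decodes the MX RDATA layout quoted above from RFC 1035 3.3.9 and applies the rule argued in the thread (flag an MX with no A record or with an IP address as EXCHANGE, skip it, and treat the domain as undeliverable only when every MX is flagged). The hostnames, addresses, the A-record table and all function names are constructed for illustration.

```python
import ipaddress
import struct

def encode_mx(pref, exchange):
    """Build uncompressed MX RDATA (used only to construct the sample input)."""
    body = b"".join(bytes([len(l)]) + l.encode("ascii") for l in exchange.split("."))
    return struct.pack("!H", pref) + body + b"\x00"

def parse_mx_rdata(rdata):
    """Decode RFC 1035 3.3.9 RDATA: 16-bit PREFERENCE, then EXCHANGE labels."""
    (pref,) = struct.unpack_from("!H", rdata, 0)
    labels, pos = [], 2
    while rdata[pos] != 0:
        n = rdata[pos]
        if n > 63:
            raise ValueError("compressed or invalid label")
        labels.append(rdata[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return pref, ".".join(labels)

def classify(exchange, a_records):
    """Label one EXCHANGE with the two kinds of breakage named in the thread."""
    try:
        ipaddress.ip_address(exchange)
        return "ip-literal"        # address where a <domain-name> belongs
    except ValueError:
        pass
    return "ok" if a_records.get(exchange) else "no-a-record"

def triage(rdatas, a_records):
    """Return (report, usable): every MX in preference order, and the usable ones."""
    report = sorted((p, x, classify(x, a_records))
                    for p, x in map(parse_mx_rdata, rdatas))
    usable = [(p, x) for p, x, status in report if status == "ok"]
    return report, usable

# Constructed sample: first two MX lack A records, third is an IP literal.
# The skip-and-continue policy is the one argued in the thread, not Courier's.
A_RECORDS = {"mx4.example.com": ["192.0.2.40"]}
SAMPLE = [encode_mx(10, "mx1.example.com"), encode_mx(20, "mx2.example.com"),
          encode_mx(30, "192.0.2.25"), encode_mx(40, "mx4.example.com")]

if __name__ == "__main__":
    report, usable = triage(SAMPLE, A_RECORDS)
    for pref, exch, status in report:
        print(f"{pref:>3} {exch:<24} {status}")
    print("deliverable via:", usable or "nothing (all MX broken)")
```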



_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users