>>You question the term broken; I have explained several times that the term broken for the first two entries implies that they do not have corresponding 'A' records.

No associated A record? Explain to me how one is to resolve the hostname in the MX field if we cannot resolve it to an IP.

>>The third MX has an IP address in place of a hostname.

Also an improper MX record. Needs to have a hostname with an associated A record.

So you ask what's wrong?...nothing with Courier...but everything with the DNS entries.

BTW...look at Sam's response as to your statement regarding the code in Courier which you posted.

>>Perhaps you are saddened that you can't run your script-kiddies on the domains that I am writing about?

You mean the domain(s) that "for security" reasons had configured their DNS with two MX entries that had a domain name which had no associated A records, and the other MX with an IP address? All three are wrong, and in no way offering any security!

Well, I think I have already barraged enough on this subject, and it is now back to square one...you can take a horse to water but you cannot make him drink!

Run my scripts???....ha ha ha ha ha.....obviously you have me confused with someone else...

Gerardo


Kirk A Wolff wrote:


From: "Gerardo Gregory" <[EMAIL PROTECTED]>

Well if he would post the domain in question then I would consider your
point. But all I have read today is using "brokendomain.com" as an
example.


If you are referring to me as 'he', I will answer your question.  I do not
wish to cause the admin of this ISP any additional grief that I am causing
him directly (i.e. I don't want people flaming him).  I can give you all the
information you wish without revealing the domain, and I also am not
interested in you fixing my problems.  My question is a simple one:  "Does
courier accept email from a domain with the first three MX records broken".


How do you know what MX record is working or not?  What's the domain name?
Let me do some queries using nslookup, then I might be more open to
discussion.



You question the term broken; I have explained several times that the term
broken for the first two entries implies that they do not have corresponding
'A' records.  The third MX has an IP address in place of a hostname.  These
are obviously broken.  The program 'testmxlookup', which tests the rfc1035
code reaffirms this.


Because all I have read is sounding more and more like a crock of ____
(ADLIB)


I am confused by your emotional response to my posts.  Perhaps you are
saddened that you can't run your script-kiddies on the domains that I am
writing about?

I'm not attempting to make changes to any RFCs nor do I desire that courier
'act' like sendmail.  I only have a legitimate question that I have not yet
seen a response, perhaps I need to run courier in GDB in order to find the
answer to this question.


Especially when it was stated that these were broken for security sakes.
Yeah right! The KRAFT security architecture [RFC 10101010101] - swiss
cheese style!!!

Maybe that admin can give a presentation at a SANS conference and explain
his ideology of securing your SMTP server by "breaking" [whatever breaking
means] MX records...'us' in the security field are anxious to deploy this
method as quickly as possible since then we won't have to "fidget with
sendmail" as was stated in his earlier post [laziness if you ask me].

Furthermore read the subject...it says first TWO mx entries are bad, then
read the threads posted all day, where the story becomes only one bad MX
entry and two legit for spam boxes...

The information provided changes over and over...

I referred the RFC in case you feel the need to change the definition of a
legit MX record in RFC 1035 (or STD 0013). RFC [2926] tells you how to
submit your request, so they can revise the standard and define a broken MX
for all of us who only know one type of MX record...Now where is a broken MX
stated in the definition below?  THERE IS ONLY ONE TYPE OF MX RECORD,
ANYTHING ELSE IF PLACED INSIDE THE RECORD FIELD IS INCORRECT.  NOW WHAT IS
SO HARD TO UNDERSTAND ABOUT THAT!!!!!!!!!!!!!!

3.3.9. MX RDATA format

  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
  |                  PREFERENCE                   |
  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
  /                   EXCHANGE                    /
  /                                               /
  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

where:

PREFERENCE      A 16 bit integer which specifies the preference given to
              this RR among others at the same owner.  Lower values
              are preferred.

EXCHANGE        A <domain-name> which specifies a host willing to act as
              a mail exchange for the owner name.

MX records cause type A additional section processing for the host
specified by EXCHANGE.  The use of MX RRs is explained in detail in
[RFC-974].


Anyway...do whatever you feel.."break" all of them for all I care...see how
far that gets you in the real world.

Gerardo

Roger B.A. Klorese writes:


Explain me your ideology here...it is either a CORRECT one or NOT.

It doesn't matter if any of them are incorrect/broken. It only matters if
*all* of them are.  Just as you shouldn't refuse to access foo.bar.com
because an A record for zap.bar.com is malformed, you shouldn't refuse to
try the 7th MX for bar.com because the 3rd one is malformed.


Now if you want the acceptance of broken MX records are being legitimate DNS
entries by the internet community then I refer this again > RFC 2926

What does 2926 have at all to do with MX records?






-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users



--
Gerardo A. Gregory
Manager Network Administration and Security
------------------------------------------------
Affinitas - Latin for "Relationship"
Helping Businesses Acquire, Retain, and Cultivate
Customers
Visit us at http://www.affinitas.net
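
Added example (not part of the original thread, and not Courier's code): a small Python check that sorts a domain's MX entries into the cases argued over above, namely an exchange with no A record, an exchange that is an IP literal where RFC 1035 requires a <domain-name>, and a usable exchange, and then lists what a sender could still try. The host names, addresses and the in-memory A-record table are constructed for illustration and stand in for real DNS lookups.

```python
import ipaddress

# Constructed sample data mirroring the thread: two exchanges with no A record,
# one MX holding an IP address, and one well-formed entry.
SAMPLE_MX = [
    (10, "mx1.example.com."),
    (20, "mx2.example.com."),
    (30, "192.0.2.25"),
    (40, "mx4.example.com."),
]
# Constructed A-record table (assumption: stands in for a resolver).
SAMPLE_A = {"mx4.example.com.": ["192.0.2.40"]}


def is_ip_literal(exchange):
    """True when the EXCHANGE field is an IP address, not a <domain-name>."""
    try:
        ipaddress.ip_address(exchange.rstrip("."))
        return True
    except ValueError:
        return False


def classify_mx(mx_records, a_records):
    """Return (preference, exchange, status) tuples, lowest preference first."""
    results = []
    for pref, exchange in sorted(mx_records):
        if is_ip_literal(exchange):
            status = "ip-literal"      # violates the RFC 1035 3.3.9 EXCHANGE definition
        elif not a_records.get(exchange.lower()):
            status = "no-a-record"     # name cannot be resolved to an address
        else:
            status = "ok"
        results.append((pref, exchange, status))
    return results


def usable_exchanges(mx_records, a_records):
    """Exchanges that can still be tried, with their addresses, in preference order."""
    return [
        (pref, exchange, a_records[exchange.lower()])
        for pref, exchange, status in classify_mx(mx_records, a_records)
        if status == "ok"
    ]


if __name__ == "__main__":
    for row in classify_mx(SAMPLE_MX, SAMPLE_A):
        print(row)
    print("usable:", usable_exchanges(SAMPLE_MX, SAMPLE_A))
```

An empty result from `usable_exchanges` is the "all of them are broken" case raised in the thread; a non-empty one means at least one lower-priority exchange remains reachable.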


