That's what I was thinking. How do you configure the cache-only?
Thanks,
Ben
----- Original Message -----
From: "John T (Lists)" <[EMAIL PROTECTED]>
To: <Declude.JunkMail@declude.com>
Sent: Saturday, April 01, 2006 1:59 AM
Subject: RE: [Declude.JunkMail] recursion turned off causes higher JM
scores?
What I do is install the MS DNS service on the Imail server, configure it
for cache only allowing recursion, and point Imail and Declude to that. Make
sure your firewall is configured to not allow the world to make DNS queries
against it and you are set.
John T
eServices For You
"Seek, and ye shall find!"
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of IMail Admin
Sent: Saturday, April 01, 2006 12:20 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] recursion turned off causes higher JM
scores?
Hi Sandy,
OK, I've got recursion back on, so now I get email again. I hate to think
how many complaints I'm going to have in the morning. Fortunately, most
of
our clients aren't as aggressive as I am in deleting spam based on rating.
I understand what you're saying, and I thank you for the explanation. I'm
not real anxious to get into SimpleDNS (and I've read enough complaints
about BIND to be cautious) first, because of cost, and, second, because
it's
one more complication. However, I was thinking about something else I
read
here.
There was some discussion about running a cache-only DNS server for
IMail/Declude. I didn't read most of the thread, and I never saw how to
make the DNS serve cache only, but I was thinking that if I had a
cache-only
server that is only available to the mail server, then I can leave on
recursion for it and it won't matter because it wouldn't be available to
the
public. The public DNS servers I can then turn off their recursion
feature.
What do you think?
Thanks again,
Ben
----- Original Message -----
From: "Sanford Whiteman" <[EMAIL PROTECTED]>
To: "IMail Admin" <Declude.JunkMail@declude.com>
Sent: Saturday, April 01, 2006 12:06 AM
Subject: Re: [Declude.JunkMail] recursion turned off causes higher JM
scores?
>> That's when the JM scores got so high. I'm testing a different
>> config now: allow recursion on the Forwarders tab, but disable it on
>> the Advanced tab. I won't know if this works until I get some
>> messages. In the meanwhile, can anyone explain this to me?
>
> You _must_ allow recursion for the Declude server, or it will not be
> able to resolve zones for which it is not authoritative (i.e. every
> domain you do not own).
>
> You do not need to allow recursion for the wild Internet, however.
>
> But MS DNS has a weakness (not a security weakness exactly, but more
> of a functional one) in that recursion is either on or off, globally,
> for the DNS service. This means that if you are hosting authoritative
> zones on the box, and thus need to expose the box to the outside
> world, and that same box is providing recursive DNS to internal
> servers or users, then you are effectively providing recursive DNS to
> the outside world as well (if someone should choose to abuse you for
> this purpose).
>
> The way around this is to use SimpleDNS or BIND on the server you
> expose to the outside, which both have means of limiting recursion
> without completely disabling it. The simplest install, to my mind,
> without a full migration off MS DNS (a full migration causing soluble,
> but unfun, issues in AD domains), is to run SimpleDNS and MS DNS on
> the same box by binding each one to a different IP. Expose SimpleDNS
> without recursion and make it a secondary for the authoritative zones.
> Keep MS DNS as your primary and as your internal recursive DNS. Done.
>
> --Sandy
>
>
> ------------------------------------
> Sanford Whiteman, Chief Technologist
> Broadleaf Systems, a division of
> Cypress Integrated Systems, Inc.
> e-mail: [EMAIL PROTECTED]
>
> SpamAssassin plugs into Declude!
>
>
http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release
/
>
> Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail
> Aliases!
>
>
http://www.imprimia.com/products/software/freeutils/exchange2aliases/downloa
d/rel
ease/
>
>
http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/re
lease/
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
>
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
