John Rudd wrote:

[snip]

Why not have:

- domain.tld have an A record (IP addr A)

- web server listens to IP addr A on a virtual network interface. (in addition to listening to its regular IP addr on whatever other network interface it already has)

- the only ports listening on IP addr A are the web services (nothing on port 25, nothing on sshd, nothing on 110, etc.). It can listen to whatever it wants to on its other IP addr, but on IP addr A it _ONLY_ listens to web services.

- the web services running on IP addr A only offer HTTP level redirects to the normal web server IP addr (i.e. not HTML tags that redirect, but actual low level HTTP protocol redirects)

I am a small provider (tiny) and have multiple hosted domains behind a firewall with smtp, pop3, imap and www all pointing to a server behind the firewall. I can't separate out the ports. Having another machine just for www doesn't make any sense to me as my current machine does not use much CPU power as it is and it would just add to the overhead.

Note that since you are advocating an A record for domain.tld, this does nothing for the network bandwidth that the spammers would consume. Sure it is not much now, but.... who knows?

So, lazy users who connect to http://domain.tld/* will get a redirect to http://www.domain.tld/*. Everyone else, including spammers that directly connect to domain.tld:25, who try to connect to domain.tld (IP addr A) will get nothing. Whether or not you want to give an MX record to domain.tld so that it can route email is entirely optional at that point.

todh
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
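
The redirect-only listener proposed in the thread, as an added example that is not code from either poster: it binds to a single address and answers every request with a protocol-level 301 to the www host, keeping the path. The loopback address standing in for "IP addr A", the helper names and the port are assumptions for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumptions, not values from the thread:
BARE_ADDR = "127.0.0.1"             # stands in for "IP addr A"
CANONICAL_HOST = "www.domain.tld"   # the normal web server name

def redirect_target(path):
    """Build the Location value, keeping the requested path and query."""
    # Only origin-form targets ("/...") are appended. An absolute-form
    # request target would otherwise be glued onto the host name.
    if not path.startswith("/"):
        path = "/"
    return "http://" + CANONICAL_HOST + path

class RedirectOnly(BaseHTTPRequestHandler):
    """Serves no content: every method gets a 301 with an empty body."""
    def _redirect(self):
        self.send_response(301)
        self.send_header("Location", redirect_target(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_HEAD = do_POST = _redirect

    def log_message(self, *args):   # keep the example quiet
        pass

def start(addr=BARE_ADDR, port=0):
    """Bind to one address only (never 0.0.0.0) and serve in the background."""
    server = ThreadingHTTPServer((addr, port), RedirectOnly)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(addr, port, path):
    """Fetch without following redirects; return (status, Location, body)."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"), resp.read())
    conn.close()
    return result

if __name__ == "__main__":
    srv = start()
    print(probe(BARE_ADDR, srv.server_address[1], "/page?x=1"))
    srv.shutdown()
```

Binding to the one address is what keeps port 25 and the other services unreachable there; the redirect itself carries no HTML.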