Re: MX records for non-mail hosts

In article <1172878197.190765.61310@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
"drfremove@xxxxxxxx" <feenberg@xxxxxxxxx> writes:

Lately I have been getting a lot of spam that was originally sent to
feenberg at varioushostnames.nber.org. The spammer does look up the MX
record and send the message to our smtp server. With a score of other
servers, this seems to increase the potential amount of spam rather
dramatically. Several people have told me that "it is good practice to
have an MX record for every host" but haven't said why. Is it just so
that mail to root at host has a good place to go? I might have another
way of handling that mail.

I believe the thinking is (or rather was) that you should handle mail
mis-addressed to user@xxxxxxxxxxxxxxxxx in a "nice" way, with "nice"
primarily meaning "don't let it sit in a queue for 5 days before
bouncing it", which is what will happen without both MX records and SMTP
service on the host ("connection refused" will be treated as a temporary
failure by a properly working SMTP client).

Putting in MX records for all hosts, actually accepting the mail at the
MX, and delivering it as if correctly-addressed is one way to do this,
but obviously at best some amount of work for very little benefit, or
even as you point out actually harmful. Another way is to actively
reject such mis-addressed mail - but you probably don't want to run a
full-fledged SMTP server just for that.

To this end there was an RFC written that specified a 5xx code that
could be given immediately on connection instead of the greeting, which
would allow for a really trivial implementation - a shell script fired
up from (x)inetd could certainly do it. I've forgotten the number of
that RFC, but I see that this has made its way into 2821, see section
3.1.

But in any case, I'm not aware of any standard or even "best current
practice" document that says that you should do any of this - if you
can't see how it would be useful in your environment, feel free to just
don't bother. Of course, you should then avoid generating any mail that
has a sender address of user@xxxxxxxxxxx, including the case of user ==
"root" - there's no law that forbids you from masquerading root's mail,
it's just a default if you use the domain/generic.m4 file (via
DOMAIN(generic) in the .mc) that comes with the sendmail distribution.

--Per Hedeland
per@xxxxxxxxxxxx
.

Relevant Pages

  • Re: SmtpMail.Send() No Error but no Email either.
    ... *my* ASP.NET program has the recipient address hard coded ... could spam whoever you want through my shared hosts SMTP server. ... would only work on the host (some kind of permission for the ASP.NET ... The mail will be delivered to the "TO:" address by your SMTP server. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: SmtpMail.Send() No Error but no Email either.
    ... Your SMTP server should have its "Relay Restrictions" set. ... If you set the relay restrictions to only allow traffic from the same machine IP ... And of course anyone can spam me through the ... nagging feeling because it works from both my local test machine and the shared host. ...
    (microsoft.public.dotnet.framework.aspnet)
  • MX records for non-mail hosts
    ... Lately I have been getting a lot of spam that was originally sent to ... feenberg at varioushostnames.nber.org. ... record and send the message to our smtp server. ... have an MX record for every host" but haven't said why. ...
    (comp.mail.sendmail)
  • Re: Exchange Hijacked
    ... >Lot's of spammers use domains that either have no inbound SMTP server, ... find the compromised user account ... Thats a lot of spam and a lot of email addresses, ... > Turn off the ability for authenticated users to realy and see what ...
    (microsoft.public.exchange.admin)
  • Re: Sendmail- Is this correct.?
    ... > Paul Howarth wrote: ... as it's a requirement to have the address in a DNS ... I sort of believed that if you used 'smart host' that if the smart host ... >From Cox.net SMTP server ...
    (Fedora)