Re: Sender access restrictions by connecting back to the MX/A server(s) - An example

From: Guido Van De Velde (Guido.VanDeVeldecc.kuleuven.ac.be)
Date: Thu Oct 02 2003 - 04:08:45 CDT


I'll take one example of what happens: a mail coming from one of our
internal systems, onyx.arts.kuleuven.ac.be. The mail has a from=
user@onyx.arts.kuleuven.ac.be. This host has several MXs:

IN MX 5 onyx.arts.kuleuven.ac.be.
IN MX 10 limbak.cc.kuleuven.ac.be.
IN MX 10 kromsin.cc.kuleuven.ac.be.
IN MX 20 cavin.kuleuven.be.
IN MX 30 cavin01.kuleuven.be.
IN MX 30 cavin02.kuleuven.be.
IN MX 30 cavin03.kuleuven.be.

Four of them are reachable from the Internet, the highest priorities
aren't. The from address exists, bounces/replies _do_ come back (for
those who don't stick to only the first MX), but the "callback" fails,
so the message is refused...

If you have a complex and open company structure (like in our situation,
about 200 physical sites, 25 internal smtp-servers), central
smtp-servers/gateways cannot keep track of "downstream" email users,
but they _are_ needed for protecting this structure. A (bounce-)
message to a non-existent user will be addressed by the internal
smtp-server, so connecting to the Internet edge-server doesn't guarantee
the existence.

guido
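
The two cases described in the message above, as an added Python sketch that is not part of the original post: a callback that stops at the first MX refuses a valid sender, and a callback that reaches an edge relay learns nothing about whether the user exists. Which four hosts are reachable, and that the edge relays answer 250 to any recipient, are assumptions; probe() simulates the SMTP connection rather than making one.

```python
# Added illustration: MX data is from the post; reachability and relay
# behaviour are assumptions made for the example.
MX_ZONE = """\
IN MX 5 onyx.arts.kuleuven.ac.be.
IN MX 10 limbak.cc.kuleuven.ac.be.
IN MX 10 kromsin.cc.kuleuven.ac.be.
IN MX 20 cavin.kuleuven.be.
IN MX 30 cavin01.kuleuven.be.
IN MX 30 cavin02.kuleuven.be.
IN MX 30 cavin03.kuleuven.be.
"""

# Assumption: the four lowest-priority exchangers are the Internet-facing ones.
REACHABLE = {"cavin.kuleuven.be", "cavin01.kuleuven.be",
             "cavin02.kuleuven.be", "cavin03.kuleuven.be"}


def parse_mx(text):
    """Return [(preference, host)] sorted so the most preferred MX is first."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[:2] == ["IN", "MX"]:
            records.append((int(fields[2]), fields[3].rstrip(".")))
    return sorted(records)


def probe(host, rcpt):
    """Simulated callout. None means the connection failed; otherwise the
    reply code to RCPT TO. Edge relays do not know downstream users, so
    they answer 250 for any local part (assumption)."""
    if host not in REACHABLE:
        return None
    return 250


def callout(mx_list, rcpt, max_hosts):
    """Verify rcpt by trying at most max_hosts exchangers in MX order."""
    for _pref, host in mx_list[:max_hosts]:
        code = probe(host, rcpt)
        if code is None:
            continue                      # unreachable, try the next MX
        return ("accept" if code == 250 else "refuse", host)
    return ("refuse", None)               # no exchanger answered


if __name__ == "__main__":
    mx = parse_mx(MX_ZONE)
    print(callout(mx, "user@onyx.arts.kuleuven.ac.be", 1))
    print(callout(mx, "user@onyx.arts.kuleuven.ac.be", len(mx)))
    print(callout(mx, "no-such-user@onyx.arts.kuleuven.ac.be", len(mx)))
```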