>
> I'm currently looking at how various operating systems react to an 'ICMP
> administratively prohibited'.
>
> My motivation is setups where access to the primary mailserver is
> blocked by filters (usually to block open relays), and all mail has to
> go via the backup MX, an example from a customer of ours.
>
> jesper@freesbee$ host -t mx nemo.dyndns.dk
> nemo.dyndns.dk mail is handled (pri=10) by nemo.dyndns.dk
> nemo.dyndns.dk mail is handled (pri=20) by backup-mx.post.tele.dk
>
> Here we block access to tcp/25 on nemo.dyndns.dk (an ADSL user), but
> provide a backup MX for him to use, but when a mailserver wants to send
> mail to him, they will experience a timeout before sending the mail to
> backup-mx.post.tele.dk, which can send the mail onwards to
> nemo.dyndns.dk.

You can also solve the problem another way. You can remove the MX for
the customer machine, so that your backup-mx is the preferred MX for his
mail. Then on backup-mx you can add a mailertable entry to direct the
mail to his machine. Something like:

    nemo.dyndns.dk    smtp:[nemo.dyndns.dk]

The square brackets are needed to tell sendmail not to do MX lookups
again. Or if you don't want to use mailertables, you can set the
confTRY_NULL_MX_LIST variable to true.

This way you don't have to worry how someone else's machine is going
to handle those icmp packets.

John
--
John Hay -- [EMAIL PROTECTED]
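
The two options from the reply above, written out as a sendmail .mc fragment for backup-mx. This is an added example, not part of the original message; the map path /etc/mail/mailertable and the hash map type are assumptions about the local layout.

```m4
dnl Added example, not from the original message.
dnl The map path and map type below are assumptions.
dnl
dnl Option 1: route the customer's domain through a mailertable.
dnl The map source (assumed /etc/mail/mailertable) holds the entry
dnl quoted in the message:
dnl
dnl     nemo.dyndns.dk    smtp:[nemo.dyndns.dk]
dnl
dnl The brackets make sendmail connect to the host's address record
dnl directly instead of looking up MX records again, which would
dnl point back at backup-mx once it is the only MX.
dnl Rebuild the map after editing the source file:
dnl
dnl     makemap hash /etc/mail/mailertable < /etc/mail/mailertable
dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
dnl
dnl Option 2: no mailertable. When this host is the best MX for a
dnl destination, try that destination directly as if it had no MX
dnl records at all.
define(`confTRY_NULL_MX_LIST', `True')dnl
```

Either option only works if the filter that blocks tcp/25 to the customer machine still lets backup-mx through.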