On Sun, Feb 08, 2009 at 01:23:43PM +0800, jan gestre wrote:
> > Don't use ISP DNS servers that fabricate A records.
> >
>
> I'm not using our ISP's DNS , I'm using OpenDNS, I'm using OpenDNS
> since way back it's only now that I'm getting this strange behavior in
> my SMTP server.
You should not use OpenDNS or any similar external DNS forwarder with
Postfix. Especially, when doing RBL lookups. Just run a stand-alone DNS
cache on your system (127.0.0.1). If you are behind a NAT device that
de-randomizes UDP query ports, you are likely vulnerable to the Kaminsky
attack... Running a SOHO incoming mail server is getting increasingly
difficult, you may need a real SMTP server at a hosting facility.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
