2018-11-14 10:22 GMT+01:00 Håkon Alstadheim <ha...@alstadheim.priv.no>:
> On 14.11.2018 08:21, Poliman - Serwis wrote:
>
>> 2018-11-13 19:58 GMT+01:00 Wietse Venema <wie...@porcupine.org>:
>>
>>     Poliman - Serwis:
>>     > 2018-11-13 18:24 GMT+01:00 Viktor Dukhovni <postfix-us...@dukhovni.org>:
>>     >
>>     > > > On Nov 13, 2018, at 11:48 AM, Wietse Venema <wie...@porcupine.org>
>>     > > wrote:
>>     > > >
>>     > > >> It's colonel.com.pl. Please check. I don't see anywhere MX's IP as A
>>     > > record
>>     > > >> in dns zone.
>>     > > >
>>     > > > You have both A and MX records for colonel.com.pl. Some SMTP systems
>>     > > > may try to send email using the A record, if those SMTP systems are
>>     > > > borked and if their DNS resolver is borked.
>>     > >
>>     > > In other words, nothing to worry about. There's no need to worry about
>>     > > such broken systems in practice. Real MTAs don't get this wrong (though
>>     > > perhaps what I'm saying is that if there are some MTAs that get this wrong,
>>     > > they are garbage that deserves to be ignored).
>>     > >
>>     > > --
>>     > >         Viktor.
>>     > >
>>     > > [1] https://en.wikipedia.org/wiki/Infinite_monkey_theorem
>>     >
>>     > Ok, thank you guys for answers and advice. Appreciate!
>>
>>     You may still want to turn off the SMTP listener on colonel.com.pl,
>>     because it will never receive legitimate email.
>>
>>             Wietse
>>
>> Thank you for answer. I suppose I don't understand properly. How could I
>> do this if this domain has MX on Google?
>
> To make sure all mail delivered to colonel.com.pl gets to google, make
> sure that the host colonel.com.pl will NOT accept connections for
> incoming mail from the internet.
>
> In other words: if you want mail to end up at your MX, your A ip-address
> should not accept incoming mail.
>
> If that is already OK, you are OK.
> It looks OK from where I am sitting.
>
> Viz:
>
> # dig colonel.com.pl mx
>
> ; <<>> DiG 9.11.2-P1 <<>> colonel.com.pl mx
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63690
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 3
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;colonel.com.pl.                 IN      MX
>
> ;; ANSWER SECTION:
> colonel.com.pl.         3600    IN      MX      5 alt1.aspmx.l.google.com.
> colonel.com.pl.         3600    IN      MX      5 alt2.aspmx.l.google.com.
> colonel.com.pl.         3600    IN      MX      10 alt4.aspmx.l.google.com.
> colonel.com.pl.         3600    IN      MX      10 alt3.aspmx.l.google.com.
> colonel.com.pl.         3600    IN      MX      1 aspmx.l.google.com.
>
> ;; AUTHORITY SECTION:
> colonel.com.pl.         3576    IN      NS      ns6.poliman.net.
> colonel.com.pl.         3576    IN      NS      ns7.poliman.net.
>
> ;; ADDITIONAL SECTION:
> ns6.poliman.net.        3576    IN      A       193.70.38.6
> ns7.poliman.net.        3576    IN      A       54.38.202.128
>
> ;; Query time: 42 msec
> ;; SERVER: 192.168.2.2#53(192.168.2.2)
> ;; WHEN: on. nov. 14 10:20:30 CET 2018
> ;; MSG SIZE  rcvd: 240
>
> 0:gt ~ # nc colonel.com.pl 25
> nc: unable to connect to address colonel.com.pl, service 25

Really appreciate help. About "In other words: if you want mail to end up at
your MX, your A ip-address should not accept incoming mail." - currently I
have spf which allows sending emails only for google servers added as MX
records (I have removed 'a' from spf record). Second - I tried
"nc colonel.com.pl 25" from virtual machine deployed on my PC in job and
result:

tot@haha:~# nc colonel.com.pl 25
220 s1.poliman.net ESMTP Postfix (Ubuntu)
^C

--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
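
The check discussed in this thread (the domain's own host should not accept mail when its MX records point elsewhere), as an added Python example that is not part of the original messages. The function names are hypothetical; the sample dig lines and the banner are the ones quoted in the thread, and the two probes in the demo are constructed stand-ins for the two nc results.

```python
import socket

# MX answer lines as shown in the thread's dig output (re-typed here as sample input).
SAMPLE_ANSWER = """\
colonel.com.pl. 3600 IN MX 5 alt1.aspmx.l.google.com.
colonel.com.pl. 3600 IN MX 5 alt2.aspmx.l.google.com.
colonel.com.pl. 3600 IN MX 10 alt4.aspmx.l.google.com.
colonel.com.pl. 3600 IN MX 10 alt3.aspmx.l.google.com.
colonel.com.pl. 3600 IN MX 1 aspmx.l.google.com.
"""

def mx_targets(dig_answer):
    """Return the MX target hostnames found in dig ANSWER-section lines."""
    targets = set()
    for line in dig_answer.splitlines():
        fields = line.split()  # name, TTL, class, type, preference, target
        if len(fields) == 6 and fields[2:4] == ["IN", "MX"]:
            targets.add(fields[5].rstrip(".").lower())
    return targets

def smtp_banner(host, port=25, timeout=5.0):
    """Return the greeting read from host:25, or None if no connection is possible."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            return conn.recv(512).decode("ascii", "replace").strip() or None
    except OSError:  # refused, unreachable, filtered, or timed out
        return None

def check_a_record_listener(domain, dig_answer, probe=smtp_banner):
    """Flag a domain whose own host speaks SMTP although mail is routed elsewhere."""
    name = domain.rstrip(".").lower()
    if name in mx_targets(dig_answer):
        return "ok: the domain is one of its own MX targets"
    banner = probe(name)
    if banner is None:
        return "ok: nothing answers on port 25 of the A record from this vantage point"
    if banner.startswith("220"):
        return "warn: %s accepts SMTP but is not an MX target (%s)" % (name, banner)
    return "note: port 25 is open but did not greet with 220 (%s)" % banner

if __name__ == "__main__":
    # Constructed probes replaying the two results reported in the thread.
    print(check_a_record_listener("colonel.com.pl", SAMPLE_ANSWER, lambda h: None))
    print(check_a_record_listener("colonel.com.pl", SAMPLE_ANSWER,
                                  lambda h: "220 s1.poliman.net ESMTP Postfix (Ubuntu)"))
```

With the default probe the function makes a real connection to port 25 of the domain. The two nc results in the thread differ by vantage point, so the probe should be run from a host on the internet side.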