David B Funk wrote:
On Mon, 29 Jan 2007, John Rudd wrote:

It doesn't have to be firewalled.  It just has to be non-answering on
port 25.  It's called "nolisting".

I've thought about doing something similar.  Nolisting only says:

MX 1  non-answering.host
MX 10 real.host

But adding the non-answering host to the end seems like a good idea to
me (for all of the spammers that try to attack the secondaries).

There IS a risk of losing mail.  But only if the sender is a non-RFC
compliant MTA.  Which, in theory, might be legit... but I bet in
practice, for this particular RFC issue, it's a near zero level of risk.


Um, given that the RFCs (2821, etc) say that the MXs should be tried in
order with the most preferred (lowest numeric value) first, wouldn't
that scheme result in delays on all messages (as well as lost mail from
servers that only try the "best" MX)?

Small delays. They should try all of your MX hosts, in decreasing priority order (increasing MX value order) until they get a success. That's also in the RFC. So:

a) the hosts that don't try the 2nd MX aren't RFC compliant.
b) the delay should only be as much as it takes to timeout on the connection to the highest priority (lowest MX number) non-answering MX host. Plus maybe one queue retry (depending on whether it tries the 2nd MX right away or after a queue retry interval).

Why make your "best" MX be the non-answering.host?

Because, according to the nolisting proponents (which I am not, I am just experimenting and exploring the concept), the vast majority of the hosts that don't do (a), above, are spam/virus sources. And, they say, the hosts that don't do (a), but are legitimate, are so vanishingly small as to not be worth worrying about.
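To make the delay and fallback behaviour discussed above concrete, here is an added simulation (not code from the thread or from any nolisting tool) of a sending MTA walking a nolisting-style MX set in RFC 2821 order. The MX hosts, their port-25 behaviour and the 30-second connect timeout are constructed assumptions.

```python
import random

# Constructed MX set mirroring the nolisting layout discussed in the thread:
# the most-preferred MX never answers on port 25, the real host comes next,
# and a trailing non-answering host is the "add it to the end" variant.
MX_RECORDS = [
    (10, "real.host.example"),
    (1, "non-answering.host.example"),
    (20, "trailing-decoy.host.example"),
]

# Constructed port-25 behaviour: None means the host never answers (the
# sender's connect() times out); an integer is the SMTP greeting code.
PORT25 = {
    "non-answering.host.example": None,
    "real.host.example": 220,
    "trailing-decoy.host.example": None,
}

CONNECT_TIMEOUT_S = 30  # assumed per-connection timeout of the sending MTA


def rfc_ordered_mx(records):
    """Order MX records as RFC 2821 section 5 requires: ascending preference,
    with records of equal preference tried in random order."""
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        hosts = by_pref[pref][:]
        random.shuffle(hosts)
        ordered.extend((pref, h) for h in hosts)
    return ordered


def deliver(records, port25, compliant=True):
    """Simulate one delivery pass. A compliant sender walks every MX until one
    answers; a "best MX only" sender gives up after the first. Returns the host
    that accepted (or None), the hosts tried, and seconds spent on dead hosts."""
    tried, delay = [], 0
    for _pref, host in rfc_ordered_mx(records):
        tried.append(host)
        if port25.get(host) == 220:
            return host, tried, delay
        delay += CONNECT_TIMEOUT_S
        if not compliant:
            break
    return None, tried, delay
```

The compliant sender reaches real.host.example after one timeout; the non-compliant one never delivers, which is exactly the mail that nolisting is willing to lose.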
