Kai Schaetzl wrote:
Duane Hill wrote on Sat, 25 Aug 2007 22:29:50 +0000 (UTC):
What happens if the remote MX is within a private IP range? Should I
accept that message, knowing fully, the recipient would never be able to
respond?

This feature looks fine at first glance, but on second I think this is
dangerous if it gets applied to all MX positions. For instance the two-MX
setup where one machine is behind a firewall and a gateway machine is first
MX and forwards to the machine behind the firewall. This is an accepted
setup. Couldn't I achieve the same thing without a firewall? The first MX
gets another IP from a private range and the second is on private only. So,
it's not reachable from outside, but the first MX can forward to it.
"backup MXs (that don't exist)" doesn't mean a private range. You simply
set it to an IP that doesn't have SMTP or one that points to nirvana, but
still a valid public IP address.
I don't use that technique and don't think I will need to use it in the
near future, but I can't see anything bad in it, sorry. As John says, only
spammers or broken MTAs should have a problem with that.
I also agree on SAV with John, it's almost as bad as challenge-response
mechanisms.
Kai

If you have one MX and you create a fake low MX and a fake high MX (or
many fake high MX) about 75% to 95% of your spam goes away. It's that
simple.
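
Added example, not part of the thread: a Python version of the check being debated, which classifies a domain's already-resolved MX set and flags it only when no MX has a routable address, so the gateway layout Kai describes is not penalised. The function names, verdict labels and sample records are assumptions; documentation address ranges stand in for public addresses.

```python
import ipaddress

# Address ranges that cannot be reached from the public Internet.
UNREACHABLE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                 # IPv6 equivalents
)]

def is_unreachable(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in UNREACHABLE_NETS)

def audit_mx(records):
    """records: (preference, host, [addresses]) tuples, already resolved.
    Returns (verdict, [(preference, host, state), ...])."""
    detail = []
    for pref, host, addrs in sorted(records, key=lambda r: r[0]):
        if not addrs:
            state = "unresolved"
        elif all(is_unreachable(a) for a in addrs):
            state = "private"
        else:
            state = "public"
        detail.append((pref, host, state))
    states = {state for _, _, state in detail}
    if "public" not in states:
        verdict = "no-reachable-mx"   # nothing a reply could be delivered to
    elif states == {"public"}:
        verdict = "ok"
    else:
        verdict = "mixed"             # e.g. gateway MX plus internal MX
    return verdict, detail

# Constructed samples. Documentation ranges (198.51.100.0/24, 203.0.113.0/24)
# stand in for public addresses; all host names are hypothetical.
GATEWAY = [(10, "gw.example.org", ["198.51.100.25"]),
           (20, "inside.example.org", ["10.1.2.3"])]
ALL_PRIVATE = [(10, "a.example.net", ["192.168.0.5"]),
               (20, "b.example.net", ["10.0.0.9"])]
# Fake lowest and highest MX on public addresses without SMTP, real MX between.
FAKE_MX = [(5, "fake-low.example.com", ["203.0.113.1"]),
           (10, "mail.example.com", ["198.51.100.25"]),
           (90, "fake-high.example.com", ["203.0.113.2"])]

if __name__ == "__main__":
    for name, recs in (("gateway", GATEWAY), ("all-private", ALL_PRIVATE),
                       ("fake-mx", FAKE_MX)):
        print(name, *audit_mx(recs))
```

The fake-MX set comes back as `ok`: because those records use valid public addresses, an address-range check cannot tell them apart from a real MX.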