On Fri, 18 Apr 2008, Paul Smith wrote:
- Implicit MX. This causes me problems by (a) bunging up my mail server
retry queue, and (b) loading my non-mail server hosts with the thousands
of bounces to forged messages trying to be sent to them. (a) might be
easy to spot, but is nearly impossible for me to fix (without
'stretching' the standard - eg by having different retry algorithms for
implicit vs explicit MC records), (b) is hard to spot what's happening
without a packet tracer and knowing how to use one and is hard to fix
since i need to do something to add 'non-MX' records to all my hosts,
which could be hundreds of 'non-MX' records.
Different retry algorithms for MX-less domains is already standard
operational practise. For example see timeout_connect_A and refused_A at
http://www.exim.org/exim-html-current/doc/html/spec_html/ch32.html#SECID162
I think you're exaggerating the problem that a few SYN packets cause.
Tony.
--
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
HUMBER THAMES DOVER: EAST OR NORTHEAST 5 TO 7, OCCASIONALLY GALE 8 IN DOVER.
MODERATE OR ROUGH. OCCASIONAL RAIN. MODERATE OR GOOD.