On Mon, Oct 16, 2006 at 02:29:56AM -0400, Paul Schmehl wrote:
Send me an email at geek@stovebolt.com, and I'll tell you.
I'm not sure what you mean by "split inbound and outbound", but any
outbound MX host *should* be listed in DNS. You only list one -
smtp.vt.edu. 192.82.162.213 is reversible, so it would get points for
being honest about its IP/hostname, but it would lose points for not being
listed in DNS as an MX. The overall score would determine if the mail was
rejected, but I doubt that it would be.
Huh?
MX records are only used to describe machines that are able to receive
mail for the given domain: many many sites have farms of mail servers
that do nothing but send mail all day (Example: eBay and all the outbid
notifications you get). There is no requirement that they also receive
mail, and you should never list in MX a machine that won't accept mail.
This whole notion is just totally confused.
Now the question you *want* to ask is a useful one: "is this server
authorized to send mail on behalf of the sender?", but MX is not the
way to answer that question.
SPF is how to answer that question. http://www.openspf.org/
Steve
---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve@unixwiz.net
------------------------------------------------------------------------------
This List Sponsored by: Black Hat
Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.
http://www.blackhat.com
------------------------------------------------------------------------------
