Date: Mon, 6 Feb 2006 12:20:40 -0800
Miles O'Neal wrote:
> Michael Hannon said...
>
> |We could also just reject email that doesn't arrive via our spam/virus
> |filter, but it's hard to be sure that there isn't some legitimate source
> |of email that's using the 'A' record. Email is a VERY touchy subject.
>
> It certainly is.
>
> But I tend to define any email that doesn't use the MX
> record as "non-legitimate". Where would you be getting
> legitimate email that used the A record? Have you got
> people still sending from homebrew mailers written in
> 1975, or what?

Heh. During our first iteration of this, over a year ago, I didn't even
bother to use iptables. I just used TCP Wrappers (i.e.,
/etc/hosts.deny) to block all access to sendmail on the machine in
question unless the request for sendmail came from our spam-filter box.
The (faculty) head of our computer committee started losing
legitimate, and, evidently, quite important mail almost immediately.
How can you possibly know what's happening at the gazillion sites out
there in cyberspace that you don't control?
- Mike
--
Michael Hannon mailto:[log in to unmask]
Dept. of Physics 530.752.4966
University of California 530.752.4717 FAX
Davis, CA 95616-8677
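
An added example, not part of the original message: before restricting sendmail to the spam-filter box as discussed above, the existing mail log can show which senders currently deliver directly and would be cut off. The filter address `192.0.2.25`, the host names and the log lines are constructed; the line layout assumed is sendmail's usual `from=... relay=name [ip]` entry.

```python
import re
from collections import Counter

FILTER_IPS = {"192.0.2.25"}  # assumption: address of the spam/virus filter box

# Constructed sample lines in sendmail's usual "from=" log format.
SAMPLE_LOG = """\
Feb  6 12:01:02 mail sendmail[4101]: k16K12aa004101: from=<alice@example.org>, size=2310, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=filter.example.edu [192.0.2.25]
Feb  6 12:03:17 mail sendmail[4107]: k16K3Hbb004107: from=<journal@example.net>, size=8812, class=0, nrcpts=1, msgid=<2@example.net>, proto=SMTP, daemon=MTA, relay=old-mta.example.net [198.51.100.7]
Feb  6 12:04:40 mail sendmail[4111]: k16K4ecc004111: from=<bob@example.com>, size=1200, class=0, nrcpts=2, msgid=<3@example.com>, proto=ESMTP, daemon=MTA, relay=[203.0.113.9]
Feb  6 12:05:01 mail sendmail[4111]: k16K4ecc004111: to=<head@example.edu>, delay=00:00:01, mailer=local, pri=31200, dsn=2.0.0, stat=Sent
Feb  6 12:09:55 mail sendmail[4120]: k16K9tdd004120: from=<journal@example.net>, size=9100, class=0, nrcpts=1, msgid=<4@example.net>, proto=SMTP, daemon=MTA, relay=old-mta.example.net [198.51.100.7]
"""

# Envelope sender, optional relay host name, and the connecting IP in brackets.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: \w+: from=<([^>]*)>.*\brelay=(\S*?)\s*\[([0-9a-fA-F.:]+)\]"
)


def direct_senders(log_text, allowed=FILTER_IPS):
    """Count (relay IP, relay name, envelope sender) for mail that bypassed the filter."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue  # "to=" lines, entries without a bracketed IP, other daemons
        sender, name, ip = m.groups()
        if ip not in allowed:
            hits[(ip, name or "(no rDNS)", sender)] += 1
    return hits


if __name__ == "__main__":
    # Most frequent direct senders first: these would be rejected by the block.
    for (ip, name, sender), n in direct_senders(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {ip:15s}  {name:25s}  <{sender}>")
```

Run over a few weeks of real logs, the tally separates recurring direct senders worth contacting or allow-listing from one-off connections.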