Hosted by PSE.pl | Created: 1999-10-23 | Last update: 2002-06-21 21:42:28 UTC | GnuPG signature of this page
anfiTop | anfiUp | Andrzej Filip | Mirror Sites | GnuPG Keys | New!google
googleMy Postings | slashdotJournal | Showing Gratitude
Personal | Sendmail | Exim | General MTA | Cyrus IMAP | UUCP

MX Plus

Abstract

The document describes how to use firewall to effective modify MX seen by different hosts/networks. IT IS NOT SENDMAIL SPECIFIC.

Copyright (c) 1999 Andrzej Filip

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
THE AUTHOR NAME MUST BE QUOTED IN ANY WORK DERIVATED FROM THE WORK.

Case study (A)

Your Internet connection is not very good (especially overseas), so you would like to receive your email via your ISP mail server except from a few most important clients (with good connectivity to you via Internet). You also would like to be able to receive email directly if the is mail server goes down.

The "effective default MX" should be: via ISP first, than directly

20 ISP
30 office

but "effective MX" for special clients/companies should be: directly first, than via ISP

10 office
20 ISP

Recipe

  1. create two ip addresses for mail server in your office: 
    officeA
officeB
  2. use firewall to reject SMTP connections from anywhere except your ISP mail server and special clients/companies (do send ICMP port unreachable)

  3. create MX record

    10 officeA
20 ISP
30 officeB

How it works:

Connections anywhere except your ISP mail server and special clients/companies can not reach officeA, so effective MX seen from is ISP, officeB. Such connections to officeA are rejected very quickly - ICMP port unreachable is sent in response to first packet of TCP connection.

Case study (B)

A firm has two offices connected to different ISPs (office1 - ISP1, office2 - ISP2). Both offices are interconnected via a fast direct leased line and both offices have a direct Internet link. Connectivity to most of the Internet is better via ISP1 except ISP2's network.

The "effective default MX" should be: office1 first, than office2

10 office1
20 office2

but for efficiency "effective MX" seen from ISP2's net should be: office2 first, than office1

20 office2
30 office1

Recipe

  1. create two ip addresses for mail server in office1: 
    office1A
office1B
  2. use firewall to reject SMTP connections from ISP2 network to office1A (do send ICMP port unreachable)

How it works:

Connections from ISP2 network can not reach office1A, so effective MX seen from ISP2 net is office2, office1A. Connections from ISP2 network to office1A are rejected very quickly - ICMP port unreachable is sent in response to first packet of TCP connection.

Original Posting

googleThe posting
Subject: More than MX
Date: 1999-03-17
Newsgroups: comp.mail.sendmail
Message-ID: <36EFE80C.8D950D73@polbox.com>

PSE.pl The page is hosted by
PSE.pl		 Valid xhtml-1.0! Valid CSS! Open Source
Translate this page to
Andrzej [pl>en: Andrew] Adam Filip - Warsaw, Poland
E-mail: anfi@priv.onet.pl Backup email: anfi@xl.wp.pl Former emails: anfi@box43.pl | anfi@bigfoot.com | anfi@polbox.com
GnuPG signature of this page