Subj : Re: Feedback re: Fidonet.org MX
To   : Rj Clay
From : Nick Andre
Date : Mon Dec 21 2015 10:29:20

On 20 Dec 15  14:27:23, Rj Clay said the following to Nick Andre:

RC>  NA> How to take action to stop the majority of it whilest retaining the
RC>  NA> custom MX functionality you have now with the domain is what is being
RC>  NA> pondered.
RC> 
RC>   SPF settings?  Firewall settings? (Depending on what's being used for the
RC> firewall manager...)  SpamAssassin?  (Things like fail2ban, of course, 
RC> depending on the OS being used on the main MX...)

That would apply if there was such a "main MX" entry or a single SMTP server, 
or any kind of first-point-of-entry. That I could understand, if not condone 
as a basic solution. You would have a server system that acts as the SMTP 
gateway for the domain, in turn forwarding emails as Netmail to whoever 
participates in the gating scheme.

But in this case, there is a mile-long list of MX entries in DNS specifically
covering individual Fido systems. Essentially every Fido sysop who has such an
entry is implied that they have an SMTP server sitting behind it.

When you multiply each of these SMTP servers, times the numerous number of 
different SMTP server packages, introduce the element of one of those being 
misconfigured, times the number of MX entries, you can see now why I am 
leaning towards nuking MX for everyone.

Nick

--- Renegade vY2Ka2
 * Origin: www.darkrealms.ca (1:229/426)

.