ingress SMTP

Alec Berry alec.berry at
Thu Sep 4 09:57:24 CDT 2008

Hash: SHA1

Mark Andrews wrote:

>> 	You do realise that there a mail clients that check MX
>> 	records *before* submitting email (or before on sending the
>> 	email) so that typos get detected in the client before any
>> 	email is sent from the client.

I think you are not familiar with the difference between the DROP list
and the XBL. The DROP list is *not* an RBL!

I do not allow any traffic at all to or from the DROP list-- including
MX lookups. I can't think of any good reasons why I would.

The XBL is used only to block mail transport-- it is configured in
sendmail, not at the firewall. The scenario you lay out will still work:

- - end user on a dial up that happens to be on the XBL (common)
- - end user queries MX records, either directly or via their name server
- - end user submits mail to their SMTP server (not on the XBL)
- - SMTP server transports mail to my system

Unless one of those systems mentioned above is a hijacked name server in
Kyiv (and thus on the DROP list), everything will work.


- --
/ Alec Berry \______________________________
| Senior Partner and Director of Technology \
| PGP/GPG key 0xE8E9030F                    |
|           |
|             RestonTech, Ltd.              |
|         |
|          Phone: (703) 234-2914            |
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla -


More information about the NANOG mailing list