Re: [courier-users] Courier-MTA reacts badly if own DNS server goesdown
Brought to you by:
mrsam
From: Alessandro V. <ve...@ta...> - 2009-08-21 04:45:54
|
Malcolm Weir wrote: > So you can prevent the problem you experienced by having a local DNS server > that resolves the Courier server's own details. Besides mail specific settings (faked SPF or similar stuff), a dedicated DNS resolver for the MTA is a recommended security measure. That conclusion is explained, e.g., in DNS-based Email Sender Authentication Mechanisms: a Critical Review http://amir.herzberg.googlepages.com/ea.pdf http://amir.herzberg.googlepages.com/somerecentpapers that may be a good intro paper, and has several other links, including one to an MTA view of the Kaminsky attack that justifies the claim above. |