Chris's Wiki :: blog/sysadmin/ExternalMXInternalDNS Comments
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/ExternalMXInternalDNS?atomcomments
2020-04-07T03:21:29Z
Recent comments in Chris's Wiki :: blog/sysadmin/ExternalMXInternalDNS.

By Chris Siebenmann on /blog/sysadmin/ExternalMXInternalDNS
<div class="wikitext"><p>Even our internal mail server doesn't accept SMTP envelope sender
addresses that are in our special .sandbox internal zone. It's simply
too hard to make sure that they never, ever leak out into the outside
world, since people forward their email and want to notify external
email addresses about problems with (or on) their machines and so on.</p>
<p>(Generally the outside world is going to immediately reject them,
and often our attempts to deliver a bounce somewhere will stall and
eventually time out.)</p>
</div>
2020-04-07T03:21:29Z

By Aristotle Pagaltzis (http://plasmasturm.org/) on /blog/sysadmin/ExternalMXInternalDNS
<div class="wikitext"><p>Given an external gateway set up with only a public DNS view, could you not also use your internal DNS to return your internal mail server to local machines when they ask for your MX? If so, they could successfully send such mail, instead of having it rejected, without at the same time giving external senders the opportunity to do the same – no? Would this actually be desirable in practice?</p>
</div>
2020-04-07T03:00:39Z