Date:      Sat, 18 Nov 2000 10:19:01 +0200 (SAT)
From:      John Hay <jhay@icomtek.csir.co.za>
To:        jesper@skriver.dk (Jesper Skriver)
Cc:        hackers@FreeBSD.ORG
Subject:   Re: React to ICMP administratively prohibited ?
Message-ID:  <200011180819.eAI8J1V20277@zibbi.icomtek.csir.co.za>
In-Reply-To: <20001117211013.C9227@skriver.dk> from Jesper Skriver at "Nov 17, 2000 09:10:13 pm"

> 
> I'm currently looking at how various operating systems react to an 'ICMP
> administratively prohibited'.
> 
> My motivation is setups where access to the primary mailserver is
> blocked by filters (usually to block open relays), and all mail has to
> go via the backup MX, an example from a customer of ours.
> 
> jesper@freesbee$ host -t mx nemo.dyndns.dk
> nemo.dyndns.dk mail is handled (pri=10) by nemo.dyndns.dk
> nemo.dyndns.dk mail is handled (pri=20) by backup-mx.post.tele.dk
> 
> Here we block access to tcp/25 on nemo.dyndns.dk (an ADSL user), but
> provide a backup MX for him to use, but when a mailserver wants to send
> mail to him, they will experience a timeout before sending the mail to
> backup-mx.post.tele.dk, which can send the mail onwards to
> nemo.dyndns.dk.

You can also solve the problem another way. You can remove the MX for
the customer machine, so that your backup-mx is the preferred MX for his
mail. Then on backup-mx you can add a mailertable entry to direct the
mail to his machine. Something like:

nemo.dyndns.dk	smtp:[nemo.dyndns.dk]

The square brackets are needed to tell sendmail not to do MX lookups
again. Or if you don't want to use mailertables, you can set the
confTRY_NULL_MX_LIST variable to true.

This way you don't have to worry how someone else's machine is going
to handle those ICMP packets.

John
-- 
John Hay -- John.Hay@icomtek.csir.co.za
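
The two options from the reply above, written out as a sendmail configuration fragment for backup-mx. This is an added example, not part of the original message; the .mc file name, the map path and the test address are assumptions.

```m4
dnl Fragment of a hypothetical backup-mx.mc (file name assumed).
dnl
dnl Option 1: route the customer domain through a mailertable.
dnl The map path below is an assumption; use the path your site uses.
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
dnl
dnl /etc/mail/mailertable then carries the entry from the message,
dnl key and value separated by whitespace:
dnl
dnl   nemo.dyndns.dk    smtp:[nemo.dyndns.dk]
dnl
dnl The square brackets make sendmail connect to the address record of
dnl the host instead of repeating the MX lookup, which would now point
dnl back at backup-mx and end in a mail loop error.
dnl
dnl Rebuild the map after every edit:
dnl
dnl   makemap hash /etc/mail/mailertable < /etc/mail/mailertable
dnl
dnl Check the routing without sending anything (constructed address);
dnl the reported host should be [nemo.dyndns.dk]:
dnl
dnl   sendmail -bv postmaster@nemo.dyndns.dk
dnl
dnl Option 2: use this instead of the mailertable. When backup-mx finds
dnl that it is itself the best MX for a domain, it connects directly to
dnl the host as if the domain had no MX records at all.
dnl define(`confTRY_NULL_MX_LIST', `True')dnl
```

Either way the filter on tcp/25 has to keep admitting backup-mx, since it is now the only host that delivers to the customer machine.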

