[Dshield] DNS MX record block question

Robert Voje robert at voje.net
Sat Sep 6 19:07:01 GMT 2003

We are currently running a mail server on the inside
of our firewall.

Our public IP range is limited, but I have requested some
extras for other purposes, and soon (I hope) we will be
able to dedicate a public IP address for our mail server.

Our current setup is that all incoming mail goes to a
port-mapped external IP. An MX record points to an
address record which again points to this external IP.

All outgoing mail is sent through the common outside
firewall IP (which is different from the incoming mail IP).
The outgoing firewall IP responds with "mail.ourdomain"
on a reverse lookup.

My preferred setup (if we get the extra requested IP range)
is to dedicate an IP for mail, but that's another setup...

As I understand, our current configuration is quite common.
Is there anything I can do to improve our situation in
case our ISP denies our request for more IPs?

My greatest fear is to be banned from several MTAs because
of poor mail server/firewall configuration.
