North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: What is up with 170.36.0.0/16
The most obvious use for this setup (the reason I made several customers implement it at my previous life as an abusecritter) ) is to close down an open SMTP relay that couldn't otherwise be closed down (*cough* Cc:Mail *cough*). Relaying is controlled on the publically accessable server, but only mail destined for the target domain comes into the primary MX. Hence, no thrid-party relaying. -Chris > Are you sure this couldn't be intentional? > > I've once seen a setup where you had the lowest-priority MX (by that, I mean > the one with the lowest number, in case my wording is ambiguous or > contradictory) being some host with an RFC 1918 IP, and then there was a > higher-priority MX which was their NAT box. I'm guessing (I never sent mail > there, or worked with this setup, thank god) that the idea was that > connections to the RFC 1918 box would die, so remote MTAs would contact the > NAT box and deliver there. The NAT box would then try to relay to the > primary MX, and since it would obviously have an interface into the network > with the RFC 1918 IPs, it would be able to deliver. > This place doesn't seem to be using this setup anymore, although amusingly > enough most of their NS records point to machines with 10.200 IPs. > > I agree that this type of thing is entirely dumb, but is there any reason > that the network mentioned by the original poster couldn't be doing the same > thing? > Many large corporations that have been running IP networks since before Wall > Street knew the meaning of the word Internet have different real blocks of > IP space (usually in the class B space) for their "public" network and their > corporate network... > -- --------------------------- Christopher A. Woodfield [email protected] PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
|