Some about MX 0 NULL Record and also parked domains

ikkeben

Verified User
Joined
May 22, 2014
Messages
690
Location
Netherlands Germany
Please read document.


Then is it possible to have such options in Directadmin GUI / API ?
So if choosen no mail at all for domain set automatic MX 0 and if external MAIl then as now is possible MX external.

NULL MX prevents :
Unfortunately,some domains are used for websites only and will have anA and/or AAAA record withoutlistening on port 25, which is used for SMTP. While doing a DNS check is moderately resource intensive, verifying that port 25 is listening is highly resource intensive.
And parked domains:
the rest for M3AAWG Protecting Parked Domains Best Common Practices,

Then take care of this ofcourse:
V.Reporting Abuse If a domain does not receive email, then the addressabuse@example.com will not work.To ensure handlingof abusecomplaints,M3AAWG recommends the addition of anabuse point of contact in the domain WHOISrecords and the registration oftheabuse point of contact at abuse.net
 
Last edited:

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,932
Location
GMT +7.00
Here is a RFC for Null-MX: https://tools.ietf.org/html/rfc7505

The question is what mail services and software support "Null-MX"? Does Exim support it from a box or should we additionally modify exim.conf and add a check for this case?

A quick search on Exim and Postfix did not give good results.
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
690
Location
Netherlands Germany
Here is a RFC for Null-MX: https://tools.ietf.org/html/rfc7505

The question is what mail services and software support "Null-MX"? Does Exim support it from a box or should we additionally modify exim.conf and add a check for this case?

A quick search on Exim and Postfix did not give good results.
Yes this is why i ask / post here, there should be a "normal" way within specs to have such options to prevent a lot for parked or even redirected domains. ( so "more secure, while options are off" and less use of resources ) this for connecting to other ports on such domainnames to)

Then only the Letsencrypt / SSL active if wanted and yes or no WEBsite only.

Sorry find it difficult to explain hope you al understand.

A kind Easy switch for some of such often use cases where as much services / ports are closed for parked / redirected / only website domains.
All within some specs as for DNS settings for MX , SPF and so on. ( so handle here the dns settings according to)

((Even some firewall / csf rules for blocking after x times ip's if trying to access mail. ftp. whatever with a nice message "this domain have no mail... " already for first try such specs should be nice to have in RFC to a Utopian one ?

So a RFC complaint part to have at connections try's / dns records whatever info quick view what yes or no is on or off / disabled / disallowed. ;) ))

So thinking off such what if it is already possible to have in DNS records for domains/uri region codes for which regions accesable yes or no , saves a lot of resources to if compliant DNS services even don't try to access.. sorry kind of very Utopian one i guess. ( then only with a vpn if needed )

I mean saving resources not only speeding things up but also for the environment / climate changes much better as early and clear as possible protecting using traffic / energy and spilling .... 🙏 hihi
 
Last edited:

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,932
Location
GMT +7.00
I understand the idea. My question is what mail services do support null-MX? If no public mail-servers support it, then I don't see any reason to use it.
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
690
Location
Netherlands Germany
See my edited above , i understand you to but i think such parts / topics needs more public attention to discuss.

While Is complete nonsens / useless to have "traffic" ( spilling... ) where none is needed.

some spf rules for such could help a bit to i guess
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
690
Location
Netherlands Germany
Exim more info about the MX record.


UH:
The domain exists but the MX record’s host part is just "."; this is a common convention (borrowed from SRV) used to indicate that there is no such service for this domain and to not fall back to trying A/AAAA records.
 

wattie

Verified User
Joined
May 31, 2008
Messages
1,039
Location
Bulgaria
What is you just delete the MX so there's not MX record at all? I think that will work.
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
690
Location
Netherlands Germany
What is you just delete the MX so there's not MX record at all? I think that will work.
No that is the whole problem!

While then almost always, fall back to trying A/AAAA records. If there A /AAA records mail cloud be send / try connection to MTA on those IP's and so on , so spilling ...

Not only this:
Unfortunately,some domains are used for websites only and will have anA and/or AAAA record withoutlistening on port 25, which is used for SMTP. While doing a DNS check is moderately resource intensive, verifying that port 25 is listening is highly resource intensive.
But also SCAM , phising and such are possible with mailadres of such domains without MX , because of the fallback to A/AAA
 
Last edited:

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,932
Location
GMT +7.00
OK, I've set a Null-MX for a domain with DNS hosted at CloudFlare per this guide: https://community.cloudflare.com/t/how-to-add-a-null-mx-record/26532

And Exim on a directadmin server does not seem to process it well: emails from a domain with Null-MX accepted
HotMail accepted emails from a domain with Null-MX
Gmail rejected emails from a domain with Null-MX due to domain's DMARC policy (?)

So, it seems to be half-working....
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
690
Location
Netherlands Germany
OK, I've set a Null-MX for a domain with DNS hosted at CloudFlare per this guide: https://community.cloudflare.com/t/how-to-add-a-null-mx-record/26532

And Exim on a directadmin server does not seem to process it well: emails from a domain with Null-MX accepted
HotMail accepted emails from a domain with Null-MX
Gmail rejected emails from a domain with Null-MX due to domain's DMARC policy (?)

So, it seems to be half-working....
Alex if you can find in the link here https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_dnslookup_router.html#SECTprowitdnsloo
The domain exists but the MX record’s host part is just "."; this is a common convention (borrowed from SRV) used to indicate that there is no such service for this domain and to not fall back to trying A/AAAA records.
The DOT for MX record should be possible working for EXIM ? but in DA you say it doesn't.

Did you try with the ". " ?
 
Top