[Pdns-users] MX records by requestor

Daniel Miller dmiller at amfes.com
Fri Sep 5 23:27:35 UTC 2014

On 9/5/2014 4:07 PM, Daniel Miller wrote:
> This is probably a bad idea.  But I'll ask anyway...
> We host our own mail server.  This has extensive spam protection which 
> works reasonably well.  In addition to our other tests I also make use 
> of "Project Tarbaby" - which provides a set of backup MX servers as 
> honeypots.  Properly configured servers shouldn't hit these.  I said 
> "properly configured" and "shouldn't".
> We also use a fax-to-email service.  Recently, they started using our 
> backup MX servers - I still don't know why.  However, since I don't 
> administer their systems I can't fix that end.  But as for ours...my 
> choices are either to drop the honeypot backup MX servers (which I 
> know many admins will recommend) or find another way.  I was thinking 
> that I could setup a script that would only give the primary MX to 
> designated requestors.  But I'd like to do that based on domain-name 
> lookups instead of hard-coding their IP's.  Is this possible?

I'm currently going to try:

if qtype == pdns.MX then
   if requestorip == "my.fax.gateway.ip" then
     return 0, { { qtype=pdns.MX, content="primary.mail.server.fqdn" } }
   return -1, {}

if this works, and it seems reasonable, is there a way to do it by 
matching requestorip to a dns lookup instead of the hardcoded IP?


More information about the Pdns-users mailing list