more about MX records

day 10 of the beard

In response to my previous post someone pointed out that MX records have an obvious benefit of offering multiple servers at different priority levels.

I don’t believe that this is a benefit for many machines on the modern Internet. Most systems that have secondary MX records implement them poorly: they have fewer spam checks on the secondary MX server, and it often doesn’t even have a canonical user-list! This is a really serious problem. Spammers apparently often target the secondary MX server (I don’t have evidence for this but many people assert it to be true and it would obviously work so is likely to be true) and it’s well known that spammers often guess account names (a quick scan of the logs of any mail server will prove this). These factors combine to make a secondary MX server without a canonical list of user-names a serious spam problem: it will receive mail and then bounce it to innocent third parties (the vast majority of spam has a forged sender nowadays).

If you have the ability to run a well configured secondary MX server with a canonical list of valid account names (which must be maintained independently of the master mail server for obvious reasons) then there is the issue of why you would want to do so. What problem does it solve? In the early days of the Internet mail storage machines were often end-nodes on the network, many hops away from the central well-connected machines. This meant that sometimes connections would time out or the hop count (which was smaller then than it is now) would be exceeded. Having a well connected server as a secondary MX server was a significant advantage for a small mail server in those times (by today’s standards almost all the mail servers of 1993 were small, and the biggest servers of 1993 were medium sized).

I just did a quick search for machines with secondary MX records (i.e. multiple MX records at different priorities). The only significant mail service with such a configuration that I could find was gmail.,,,, and all have multiple MX records at the same priority – this is a cluster of primary mail servers, not a primary/secondary configuration. The evidence suggests that mail servers such as do not benefit from a secondary MX record, so I doubt that any other domain needs it either.
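The distinction drawn above, between a same-priority cluster and a primary/secondary setup, can be checked mechanically. The following is an added example, not code from the original post: it classifies MX answers given in `dig +short MX` format and lists the lower-priority hosts whose recipient validation would need checking. The domains and hosts are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample data in `dig +short MX <domain>` format ("<preference> <host>").
# The domains and hosts are placeholders, not results from a real lookup.
SAMPLE_ANSWERS = {
    "cluster.example": "10 mx-a.cluster.example.\n10 mx-b.cluster.example.\n10 mx-c.cluster.example.",
    "backup.example": "10 mail.backup.example.\n20 mx2.backup.example.\n20 mx3.isp.example.",
    "single.example": "0 mail.single.example.",
}

def parse_mx(answer):
    """Return {preference: sorted hosts} from dig-style MX lines."""
    tiers = defaultdict(list)
    for line in answer.splitlines():
        line = line.strip()
        if not line:
            continue
        pref, host = line.split(None, 1)
        tiers[int(pref)].append(host.rstrip(".").lower())
    return {p: sorted(h) for p, h in sorted(tiers.items())}

def classify(answer):
    """Classify an MX set and list the hosts that act as secondaries."""
    tiers = parse_mx(answer)
    if not tiers:
        return "no-mx", []
    prefs = list(tiers)  # ascending: the lowest preference value is tried first
    # Every host above the lowest preference value is a fallback (secondary) target.
    secondaries = [h for p in prefs[1:] for h in tiers[p]]
    if len(prefs) > 1:
        return "primary/secondary", secondaries
    kind = "cluster" if len(tiers[prefs[0]]) > 1 else "single"
    return kind, secondaries

def audit(answers):
    """Map each domain to (kind, secondary hosts needing a recipient-list check)."""
    return {domain: classify(text) for domain, text in answers.items()}

if __name__ == "__main__":
    for domain, (kind, hosts) in audit(SAMPLE_ANSWERS).items():
        note = f" -> verify recipient validation on: {', '.join(hosts)}" if hosts else ""
        print(f"{domain}: {kind}{note}")
```

Any host reported for a primary/secondary domain is one that must reject unknown recipients during the SMTP session rather than accept the mail and bounce it later.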

In response to a comment on my previous post, I have previously mentioned in mailing lists the issue of spammers attacking secondary MX servers, but I couldn’t see it when reviewing my blog archives.

Above is day 10 of the beard.

day 8 of the beard

The beard is still growing steadily, and I’m still waiting for the beardly powers that some of the bearded delegates at LCA 2006 assured me that I would develop.

yet another beard pic

day 6 of the beard

I’ll space them out a bit now, no more daily pictures.

Years ago Jon Wright (a well known bearded OS/2 programmer) told me that after you get past a week of growth it stops being annoying, I think I’m getting to that stage now.

day 4 of the beard and the Crypto museum

day 4 of the beard

The day 2 picture had an NSA coffee mug in the background. I purchased it from the gift shop of the National Cryptologic museum at Ft Meade, Maryland. I highly recommend that museum, it has free entrance, hardly any visitors (I’ve never seen more than 5 people in there) lots of interesting displays, and some really intelligent and well-informed tour-guides. If you are interested in technology then you should visit the Cryptologic museum and the Smithsonian every time you visit Washington DC.

Last time I visited the Crypto museum they had a new display about fingerprint scanning. It displayed what the machine read and indicated whether the fingerprint was regarded as a match or not. I learned that I could get a false negative by changing the angle of my finger by about 20 degrees, but apart from that it seemed more accurate than I had expected.

Here is a picture of me touching an Enigma at the Crypto museum! There is also a picture of me sitting on a Cray with some Japanese friends, but I haven’t got a copy of that one.

In regard to Shintaro’s comment about thinking I had a beard after reading backup.te, I was a little surprised, I would have thought that mta.te (which is fairly complex) or chroot.te (one of the most complex and least used policy modules I ever wrote) would have inspired such a comment. backup.te seemed rather mundane by comparison.

day 3 of beard, and the gimp

day 3 of the beard

Right now I’m just starting to break new personal records for hairiness.

I’ve been surprised that the GIMP isn’t as difficult to use as I had previously thought. I particularly like the preview feature for saving JPEGs. I can use a slider to set the quality of the image and see a preview of viewing the file before saving. In the past with less capable software I used to go through a laborious process of saving a JPEG, viewing it in a separate program, and then repeating until I achieved an acceptable balance of file size and quality. Now I can adjust the slider and see what the result would be in terms of both quality and file size.

Recently I was doing sys-admin work for a company where Windows was the desktop standard. Often we had to send around screen-shots of various problems and the way of doing this was to use CTRL-PrtSc to copy an image of the window in question and then paste it into a MS-Word document because the Windows image had no other program that was capable of dealing with image data. One significant problem with MS-Word is that it doesn’t allow expanding the image or modifying it, so you see it at about half the original resolution. It seems that what I should have been doing is pasting the image data into the GIMP and then saving it as a PNG file (PNG is loss-less compression which avoids the ripples you get from JPEG compression of text and it’s also very efficient at compressing the regular data that is typical in a screen-capture). PNG files would take much less space than MS-Word documents and allow efficient viewing by many programs (including web browsers which are on all machines).

Another beard pic

day 2 of the beard

I’ve attached another pic, titled this one day2, which I guess means that day0 (not photographed) was one day without shaving and day-1 (also not photographed) was the last time I shaved.

So far I’m still in the range of “too busy/lazy to shave”.

Blogger beta is living up to its name and the functionality I had yesterday for uploading an image and having a small version generated is not working now.

started growing a beard

day 1 of the beard

At LCA in January this year there was an auction at the end (an LCA tradition), and most people were feeling very relaxed and happy after plenty of good food and drink and bid with reckless abandon (another LCA tradition).

To help things along a few of us volunteered to do various things if various amounts of money were reached. The full list is here.

Anyway my contribution is to grow a beard for the next LCA. Recently I had been thinking that it was about time to start, and this morning I discovered that I had misplaced my shaver, so I start today. I had wanted to get a clean-shaven picture for the first blog entry, but things didn’t work out for that. The above picture is two days of growth (members of my local LUG are probably used to seeing me look like this).

I will start by blogging a picture every day, and then start to space them out as it grows. The apparent results of beard growth should exponentially decrease over time so the rate of pictures would best be based on the log of the time.