On Tue, Apr 25, 2006 at 11:58:13AM -0400, Theo Van Dinter wrote:
Date: Tue, 25 Apr 2006 12:03:30 -0400 Subject:
On Tue, Apr 25, 2006 at 09:36:20AM -0400, Chuck Anderson wrote:
I'll add that WPI uses separate servers for receiving and sending SMTP connections. The sending servers are not in any DNS MX records, so any site using "spam blocking" tactics that require the sending SMTP server to be listed as an MX would block WPI email.
Most mid-to-large organizations will do this as well. It would be complete stupidity for a receiver to not accept mail from a server whose domain MX record doesn't include that server -- they'd be blocking a vast majority of domains. What's more plausible is that the receiver is blocking mails from domains lacking an MX record, but even that's going to cause false positives (FPs) on a large amount of domains.
The usual thing that happens is that receivers block mails where the host part of the email address (to the right of the @) has no A or MX record at all. Since to the receiver it looks like that host doesn't exist, why accept mail from it?
i.e.:
HELO nonexistant.example.com
where, typically, nonexistant is a host behind a firewall, but isn't in the external DNS zone. Usually all hosts behind a firewall send to a relay gateway which masquerades the headers and envelope so that the receiving server sees an externally available name. i.e.:
nonexistant.example.com (helo nonexistant ...) -> relay.example.com (helo example.com) -> your-server
so when your-server gets the mail, it looks up "example.com" and finds A/MX records, so accepts the mail.
-- Randomly Generated Tagline: "Many people equate the word 'daemon' with the word 'demon,' implying some kind of Satanic connection between UNIX and the underworld." - Evi Nemeth
I'm wondering whether it might actually be a reverse lookup issue. I recently had to opt into a static IP at my web & mail services provider so that reverse lookups would work. AOL has started blocking email from senders that don't have a valid PTR record. If the mail server is behind a firewall, this _could_ be the issue.
I use a mail server at home behind a firewall, but I don't send directly to the recipient -- I use the "smart host" feature of sendmail. The "masquerade_as" feature might be what they need. The trick is to make the smtp server look as though it's using the "external" hostname and IP address.
I'm just guessing, though. :-)
Bill
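
The receiver-side checks discussed in this thread, compared side by side as an added example that is not part of any poster's message. The zone data, host names and addresses are constructed (documentation ranges), and the function names are hypothetical; a real receiver would query DNS instead of a dictionary.

```python
# Constructed DNS data using documentation-range names and addresses.
ZONE = {
    "mx": {"example.edu": ["mx-in.example.edu"],
           "example.com": ["relay.example.com"]},
    "a": {"mx-in.example.edu": ["192.0.2.10"],      # inbound only
          "smtp-out.example.edu": ["192.0.2.20"],   # outbound only, not an MX
          "relay.example.com": ["198.51.100.5"],
          "example.com": ["198.51.100.5"],
          "example.org": ["203.0.113.7"]},          # A record, no MX
    "ptr": {"192.0.2.20": "smtp-out.example.edu",
            "198.51.100.5": "relay.example.com"},
}

def sender_is_mx(domain, client_ip):
    """Strict check: the connecting IP must belong to one of the domain's MX hosts."""
    hosts = ZONE["mx"].get(domain, [])
    return any(client_ip in ZONE["a"].get(h, []) for h in hosts)

def domain_has_mx(domain):
    """Check that rejects domains publishing only an A record."""
    return bool(ZONE["mx"].get(domain))

def domain_resolves(domain):
    """The usual check: the sender domain has an A or an MX record."""
    return domain_has_mx(domain) or bool(ZONE["a"].get(domain))

def client_has_ptr(client_ip):
    """Reverse-lookup check on the connecting address."""
    return client_ip in ZONE["ptr"]

def evaluate(mail_from, client_ip):
    """Return the verdict of each check for one SMTP transaction."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    return {
        "sender_is_mx": sender_is_mx(domain, client_ip),
        "domain_has_mx": domain_has_mx(domain),
        "domain_resolves": domain_resolves(domain),
        "client_has_ptr": client_has_ptr(client_ip),
    }

if __name__ == "__main__":
    samples = [("user@example.edu", "192.0.2.20"),             # split in/out servers
               ("user@example.org", "203.0.113.7"),            # A only, no PTR
               ("user@nonexistant.example.com", "198.51.100.5"),  # internal name leaked
               ("user@example.com", "198.51.100.5")]           # masqueraded via relay
    for mail_from, ip in samples:
        print(mail_from, ip, evaluate(mail_from, ip))
```

Only the masqueraded sender passes every check; the split inbound/outbound site fails only the strict MX-membership check, and the A-only domain passes the usual A-or-MX check while failing the MX-only and PTR checks.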