From: Andy Stewart <andystewart@comcast.net>
In my town, I've noticed that other town employees with whom I send email are unable to send return email to me. This started happening about a month ago. My ISP is Comcast.
I am just going to type something crazy off the top of my head and go to sleep. Take two and call me in the morning.
This description was sent to me by a town employee:
o In an attempt to limit the amount of SPAM on the Comcast Internet system, Comcast does not allow external email servers to send mail to Comcast email accounts where the sending email server's MX records do not match.
o Because the TOWN mail server is behind our firewall, our incoming mail IP address is different from our sending mail IP address. In other words, our MX records do not match; consequently, Comcast blocks our mail from being sent to Comcast email addresses.
Your town employees are impressively well informed.
Basic questions:
- What is an MX record?
A Mail eXchange record is given by a DNS server when you ask for it. You did not say the domain you are sending to, but you can see comcast.com mx records thus:

C:> $ dig comcast.net mx
C:>
C:> <Redacted>
C:>
C:> comcast.net. 900 IN MX 5 gateway-r.comcast.net.
C:> comcast.net. 900 IN MX 5 gateway-s.comcast.net.

There you see the name of two servers that will (allegedly) accept mail for goodguy@comcast.net.

C:> <Redacted>
C:>
C:> gateway-r.comcast.net. 900 IN A 216.148.227.126
C:> gateway-r.comcast.net. 900 IN A 204.127.198.26
C:> gateway-s.comcast.net. 900 IN A 63.240.76.26
C:> gateway-s.comcast.net. 900 IN A 204.127.202.26

There you see their IP addresses. You can talk to them like this

C:> $ telnet 216.148.227.126 smtp
C:> Trying 216.148.227.126...
C:> Connected to gateway-r.comcast.net (216.148.227.126).
C:> Escape character is '^]'.
C:> 220 rwcrmxc18.comcast.net - Maillennium ESMTP/MULTIBOX rwcrmxc18 #337
C:> helo dsl.keithdiane.us
C:> 250 rwcrmxc18.comcast.net
C:> mail from: kwright@keithdiane.us
C:> 501 need MAIL FROM:<name@domain>
C:> MAIL FROM: <kwright@keithdiane.us>
C:> 250 ok
C:> RCPT TO: <andystewart@comcast.net>
C:> 250 ok
C:> DATA
C:> 354 ok
C:> This is just kwright goofing on you.
C:> Read your WLUG messages I will explain.
C:> .
C:> 250 ok . id=20060425052454r1800cg1fje [f]
C:> quit
C:> 221 rwcrmxc18.comcast.net
C:> QUIT
C:> Connection closed by foreign host.

It seemed to work, and I am typing this on a machine behind an NAT translation firewall (other kinds should be transparent). This is not my mail server, but it seemed to work. Only Andy can say whether they accepted the message and then trashed it in flagrant violation of RFC-2821, which tells how to do such things. They are more tight-assed than most about using the proper case, and I have never seen one that required the <brackets.com> around the address.
- Is it normal for the mail server to be behind the firewall? I thought perhaps it would be either exposed to the net or on the DMZ.
If you have only one IP address, it seems that either your mail server must _be_ the firewall, or be behind it. I don't think it's crazy, but the only way to find out how "normal" it is would be to break it and see if the people who complain are normal.
I am wondering if there is some misconfiguration or perhaps a different configuration that could be used to alleviate this problem.
I am not convinced the problem has been exactly described, although your town employee seems to know a lot more than I do about it. You may be standing in the middle of a pissing contest. If a customer and a local authority work together you might get comcast's leg quite wet.
I have no expertise running a mail server and thought somebody on this list might be able to help.
I hope you have learned your lesson about expecting help from people with expertise. That reminds me of a short FAQ that appeared in the Management School Student Newspaper:

Q: What are those strange creatures in the hall? At first, I took them for apes, but they all wear bluejeans.

A: Those are not apes, those are PhD candidates. The hair, grunting, and hunched gait become more pronounced just before Qualifying Exams. Rather than run from them, you will find that you can speak to them, if you ask questions about your homework. The answers can be helpful if you can keep them focused on your problem. If the answer begins "In equilibrium..." you know you have asked the wrong one.

--
Keith
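
An added example, not part of the original post: a Python sketch of the check as the town employee described it, testing whether a sending IP is one of the addresses behind a domain's MX records. The domain town.example, the 192.0.2.x and 198.51.100.x addresses and all function names are constructed for illustration; whether Comcast actually applies such a rule is not established by the thread.

```python
import ipaddress

# Constructed records in dig answer format. town.example and the
# 192.0.2.0/24 and 198.51.100.0/24 addresses are documentation placeholders.
SAMPLE_ANSWERS = """\
town.example.        900 IN MX 10 mail.town.example.
town.example.        900 IN MX 20 backup.town.example.
mail.town.example.   900 IN A  192.0.2.10
backup.town.example. 900 IN A  192.0.2.11
"""


def parse_answers(text):
    """Return (mx, a): mx maps domain -> [(pref, host)], a maps host -> {ip}."""
    mx, a = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip blank lines, dig comments and malformed lines
        name, rtype = fields[0].rstrip(".").lower(), fields[3].upper()
        if rtype == "MX" and len(fields) >= 6:
            host = fields[5].rstrip(".").lower()
            mx.setdefault(name, []).append((int(fields[4]), host))
        elif rtype == "A":
            a.setdefault(name, set()).add(ipaddress.ip_address(fields[4]))
    return mx, a


def mx_addresses(domain, mx, a):
    """All A-record addresses of the hosts named in the domain's MX records."""
    ips = set()
    for _pref, host in sorted(mx.get(domain.lower(), [])):
        ips |= a.get(host, set())
    return ips


def sender_matches_mx(domain, sending_ip, mx, a):
    """True if the connecting IP is one of the domain's inbound MX addresses."""
    return ipaddress.ip_address(sending_ip) in mx_addresses(domain, mx, a)


if __name__ == "__main__":
    mx, a = parse_answers(SAMPLE_ANSWERS)
    # 198.51.100.7 stands in for the firewall's outbound (NAT) address.
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, "matches MX:", sender_matches_mx("town.example", ip, mx, a))
```

A server sending from behind NAT fails this test whenever its outbound address differs from the address its MX records point at, which is the situation the town employee describes.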