Turns out it is just smtp traffic to AT&T cellphones.
Specifically my operators cellphones. Seems sometime on Saturday they
updated a rule that any smtp traffic sent to txt.att.net and coming from
206.18.123.221 was to be accepted and then blackholed.
Now my AT&T rep was glad to tell me that they have a service that will fix
it for 9.99 a month per phone.
So now I have an additional $60/month expense for 6 operators to send smtp
traffic to page.att.net from 206.18.123.221.
See everybody's happy....
Idiots wouldn't even give me a log entry showing they had received and
killed my messge. Just said buy this service or fail to get messages.
I feel diry.
----- Original Message -----
From: "Ben Scott" <mailvor...@gmail.com>
To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Sent: Thursday, September 17, 2009 12:00 PM
Subject: Re: Is this a good SMTP transaction?
On Wed, Sep 16, 2009 at 10:48 AM, David W. McSpadden <dav...@imcu.com>
wrote:
Current: v=spf1 include:mailanyone.net include:fusemail.net ~all
Proposed v=spf1 include:mailanyone.net include:fusemail.net
include:imcu.local ~all ???
The proposed addition won't work for two reasons:
(1) <imcu.local> is not resolvable in the public DNS, so the rest of
the world won't be able to query for the needed records.
(2) The <include:> directive means "Include SPF records from this
other domain", and I'm guessing you haven't published an SPF record in
your <imcu.local> domain. :-)
You'll generally want to specify the IP address(es) mail can come
from. Suppose your IronPort's apparent public IP address is
<192.0.2.42>. If so, you'd want your SPF record to read:
v=spf1 include:mailanyone.net include:fusemail.net ip4:192.0.2.42 ~all
Alternatively, if you own the 192.0.2.32 - 192.0.2.63 range, and you
want any host in that netblock to be able to send mail:
v=spf1 include:mailanyone.net include:fusemail.net ip4:192.0.2.32/26 ~all
OpenSPF <http://www.openspf.org/> is useful here. They publish a
FAQ, "Common mistakes" list, a formal SPF syntax spec, etc. I went
there to double-check my memory of the syntax, for example. They also
offer a "Setup Wizard" that may be useful to you:
http://old.openspf.org/wizard.html?mydomain=imcu.com
The SPF records for the two domains you're including may be useful
for illustration purposes:
BSCOTT>dig +short mailanyone.net TXT
"v=spf1 ip4:208.101.54.178 ip4:208.70.128.0/21 ~all"
BSCOTT>dig +short fusemail.net TXT
"v=spf1 ip4:10.0.5.0/24 ip4:208.101.54.178 ip4:208.70.128.0/21 ~all"
I note that <fusemail.net> is saying mail can come from a subnet of
10/8, which is one of the RFC-1918 private blocks. They shouldn't be
publishing that on the public net. While it's unlikely be a big
problem, it's still a nonsense thing to do, and might potentially let
some spam through. You may want to contact them and tell them to fix
it.
Hope this helps!
-- Ben
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~