-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Wednesday 2006-12-20 at 19:56 +0100, Sandy Drobic wrote:
> > No, my provider does give static IPs if you ask for it, on adsl (or
> > whatever). It is used by small businesses, and also people needing it to
> > work from home because their company has set their firewall to admit
> > connections from certain IPs only, and things like that.
>
> Well, I wouldn't call it a static ip if these ips are in the same address
> space as the dial up addresses. (^-^)
I don't know if they are in the same address space. They have a very wide
space, and for those some are administratively static and some dynamic.
Mine is currently 83.32..., dynamic and, for example, 213.96... are
static. Physically, they are handled by the same set of machines, so it is
really an administrative decision which are dynamic or static (the radius
configuration, I think).
You know, how they do the divisioning is just their decision. They can
have mixed ranges, or not, I don't really know. If a provider says such
range is static, well, it should be. Whether the owner (user) of that IP is
reliable or not... that's a very different thing.
> > I know that making rDNS is almost impossible because I have a friend with a
> > Fidonet node and small mail server, and he doesn't have reverse dns working.
> > He once was a very small provider himself, with a partnership, and he
> > commented that he couldn't get it. Other people in the Spanish list also
> > commented they couldn't get it, and from several providers. Its quite common
> > around here, and unbeliveable for people like you ;-)
>
> Here in Germany you can have your choice among a variety of providers, so it's
> always possible to get a clean static ip if you are willing to pay for it.
Not every country works in the same way ;-)
For example... people here chose provider X because it offers 20 Mbit, and
cheaper than the "main" provider. In fact, they are hiring the access in
bulk from the main provider at bulk prices - so whether they really are
using another ISP is questionable. Other ISPs do have their own network,
fully theirs... but then, they don't reach everywhere.
> > I know, I know. I meant the idea, not that particular IP range. Suppose mine
> > had the word "static". Just assume that it would not be rejected, every
> > thing else being correct. I'm just curious about getting a matching rDNS
> > name that way.
> >
> > For my provider, static IPs are named as
> > "Z.Red-W-X-Y-.staticIP.rima-tde.net.".
>
> Doesn't really matter that much, because I (and I assume a lot of other
> mailadmins) use checks like
> if (hostname contains (number and "-" or ".") at least three times) then
> treat as probably dynamic and hit with your favorite choice of checks like:
> reject_unknown_sender_domain
> reject_rbl_client bl.spamcop.net
> reject_rbl_client dynalist.njabl.org
> greylisting
> reject_unverified_sender
¡Even if they are static addresses and have remained with the same owner
for years! Not very nice...
Ok, suppose they don't do such things. I'm just interested in a
theoretical question :-)
Suppose I have the static IP "W.X.Y.Z" Suppose I have a domain name, like
"mydomainname.es". The rDNS would say, for instance,
"Z.W.X.Y.staticIP.someprovider.net". Now, could I define the
"mydomainname.es" to point to ""Z.W.X.Y.staticIP.provider.net", instead of
IP "W.X.Y.Z."? Ie:
On contracted DNS (might be the ISP or not):
mydomainname.es --> pointer to Z.W.X.Y.staticIP.someprovider.net
By ISP:
Z.W.X.Y.staticIP.someprovider.net --> W.X.Y.Z
W.X.Y.Z --> Z.W.X.Y.staticIP.someprovider.net
What I want to know, theoretically, is if that would work as far as having
a matching reverse DNS - even if later there are other checks that deny
access. I'm not going to use that setup (I don't have a domain name, for
starters), but I'm curious. O:-)
> > > Because I did indeed get some desired mails from that address space I
> > > can't
> > > block rima-tde.net hard.
> >
> > It has millions of users, both home and businesses, both dynamic and static
> > ;-)
>
> As far as mailservers are concerned only the static server ips are important.
> And if they don't have a matching reverse dns they obviously can't be that
> important... (^-°)
Well, they won't be a thousand employee business, obviously.
For example, the DNS of my professional engineer association mail
server doesn't match its rDNS.
> > Certainly, certainly, but I'm not receiving mail directly, and I don't have
> > users.
>
> If you don't receive mail directly then you could probably better own a
> virtual server at a serious hosting company for about 10 Euro per month. Then
> use that server as relay server and mx for your domain. your internal server
> would only talk to the relay server. That would be the most cost effective way
> to get a static ip with almost full control of the server (many virtual
> servers are configured in such a way that they can't use localhost for
> internal network connections).
Interesting. Yes, that would be a way if I really needed that kind of
solution.
> > One reason I send my mail directly, is that the relay host of my ISP only
> > accepts my email if the FROM is theirs, and reject it otherwise. So, using
> > their relay, I could not send using my sourceforge or ieee alias, for
> > instance. I'm still investigating it, because I think postfix is not being
> > able to authenticate properly to them.
>
> Postfix can use authentication for the smtp client. With Postfix 2.3 or newer
> you can even use sender_dependent_relayhost settings. Though I still think
> that it is an evil construct.
I have been hearing, not seeing, of that for some time. It might work for
small setups like mine.
- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFFiZ0rtTMYHG2NR9URAmLKAJ4o78jgphC4NAHqLZPHWhbMOmi8mACfQkx+
yidlxgaWN/szYA5l5umiA38=
=o8xe
-----END PGP SIGNATURE-----
