On 2/14/2011 6:12 AM, Georg Schönweger wrote:
[SNIP]
You get "Relay access denied" when you're contacting a RECEIVING mail
server with a message that that mailserver doesn't want to handle,
because it's not the authoritative destination for that domain.
Nothing here implies anything wrong with a legitimate relay that
you're using on the SENDING side. If that works at all, then it's
fine. Either you're authorized to relay through it or not. Using/not
using that is a separate decision altogether. The receiver doesn't
care how many relays a message has been through. It cares only about
two things: 1) is the most recent hop blacklisted; 2) do I (the
receiver) handle the recipient address (domain and username) either as
a relay or as the final destination.
You are failing test 2) it seems.
Main question -- is the receiving mail server in question listed as a
current MX for domain.com? (Or is your webserver somehow accessing
stale MX...) But If the MX indeed is current, the receiving server is
probably just misconfigured and you can do nothing but contact the
remote site's postmaster. (By phone perhaps, depending on the level of
brokenness?!? :-))
-Daniel
On 2/14/2011 6:12 AM, Georg Schönweger wrote:
[REPOSTED FROM PERSONAL REPLY]
Hello Daniel,
thank you for this clear explanation! How can i figure out if the
receving mail server is listet as current MX for the recipient mail
address? It's not a big problem for us if the recipients mail server is
misconfigured, it's just 1 customer on our websites :) I only want to
know if it is our fault or not..
Anyway, i think removing the relayhost would be a great thing because
the system would be easier to handle and we don't depend anymore on the
external smtp server. BUT i'm afraid that we get then higher
spam-rankings like in the past.. Our local server has now a valid RDNS
entry. Is there anything else i have to take care about?
- Georg
Please keep all replies to the list so people know the status of the
thread, and so it can be closed as soon as possible. Also as I learned
at first, the convention is to bottom-post.
[Aside: As far as spam rankings: rDNS is but one minor test. I lacked an
rDNS on my server for awhile and had only one (rather minor) receiving
MX that complained compared to thousands of successes. "IP Reputation"
is all the rage. There are a number of utility sites out there that will
take the IP of any Mail Exchanger, (actually any IP at all, which can be
used to evaluate potential), and report on its blacklist status and some
even try to rank its general trustworthiness. Here's a random one that
looks legit from an obvious Google keyword search:
http://www.mxtoolbox.com/blacklists.aspx Veterans of this mailing list
may have other favorites to recommend. The main thing is to have no red
flags when querying spamhaus.org:
http://www.spamhaus.org/query/bl?ip=x.y.z.w]
But back to the main point: finding a current MX is a standard DNS
query. If you're admin'ing a mail server, facility with a DNS query like
dig or nslookup is essential. For example (note, I picked this to show
large sites have many exchangers, but only one is required)
unix% dig yahoo.com MX
; <<>> DiG 9.xxxxxxxxx <<>> yahoo.com MX
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42579
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 7, ADDITIONAL: 7
;; QUESTION SECTION:
;yahoo.com. IN MX
;; ANSWER SECTION:
yahoo.com. 1691 IN MX 1 m.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 a.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 b.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 c.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 d.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 e.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 f.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 g.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 h.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 i.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 j.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 k.mx.mail.yahoo.com.
yahoo.com. 1691 IN MX 1 l.mx.mail.yahoo.com.
[excess deleted]
-Daniel
