Am 14.02.2011 12:28, schrieb Daniel Bromberg: > On 2/14/2011 6:12 AM, Georg Schönweger wrote: >> [SNIP] >>> You get "Relay access denied" when you're contacting a RECEIVING mail >>> server with a message that that mailserver doesn't want to handle, >>> because it's not the authoritative destination for that domain. >>> Nothing here implies anything wrong with a legitimate relay that >>> you're using on the SENDING side. If that works at all, then it's >>> fine. Either you're authorized to relay through it or not. Using/not >>> using that is a separate decision altogether. The receiver doesn't >>> care how many relays a message has been through. It cares only about >>> two things: 1) is the most recent hop blacklisted; 2) do I (the >>> receiver) handle the recipient address (domain and username) either as >>> a relay or as the final destination. >>> >>> You are failing test 2) it seems. >>> >>> Main question -- is the receiving mail server in question listed as a >>> current MX for domain.com? (Or is your webserver somehow accessing >>> stale MX...) But If the MX indeed is current, the receiving server is >>> probably just misconfigured and you can do nothing but contact the >>> remote site's postmaster. (By phone perhaps, depending on the level of >>> brokenness?!? :-)) >>> >>> -Daniel >>> > > On 2/14/2011 6:12 AM, Georg Schönweger wrote: >> [REPOSTED FROM PERSONAL REPLY] >> Hello Daniel, >> >> thank you for this clear explanation! How can i figure out if the >> receving mail server is listet as current MX for the recipient mail >> address? It's not a big problem for us if the recipients mail server is >> misconfigured, it's just 1 customer on our websites :) I only want to >> know if it is our fault or not.. >> >> Anyway, i think removing the relayhost would be a great thing because >> the system would be easier to handle and we don't depend anymore on the >> external smtp server. BUT i'm afraid that we get then higher >> spam-rankings like in the past.. Our local server has now a valid RDNS >> entry. Is there anything else i have to take care about? >> >> - Georg >> > > Please keep all replies to the list so people know the status of the > thread, and so it can be closed as soon as possible. Also as I learned > at first, the convention is to bottom-post. > > [Aside: As far as spam rankings: rDNS is but one minor test. I lacked > an rDNS on my server for awhile and had only one (rather minor) > receiving MX that complained compared to thousands of successes. "IP > Reputation" is all the rage. There are a number of utility sites out > there that will take the IP of any Mail Exchanger, (actually any IP at > all, which can be used to evaluate potential), and report on its > blacklist status and some even try to rank its general > trustworthiness. Here's a random one that looks legit from an obvious > Google keyword search: http://www.mxtoolbox.com/blacklists.aspx > Veterans of this mailing list may have other favorites to recommend. > The main thing is to have no red flags when querying spamhaus.org: > http://www.spamhaus.org/query/bl?ip=x.y.z.w] > > But back to the main point: finding a current MX is a standard DNS > query. If you're admin'ing a mail server, facility with a DNS query > like dig or nslookup is essential. For example (note, I picked this to > show large sites have many exchangers, but only one is required) > > unix% dig yahoo.com MX > > ; <<>> DiG 9.xxxxxxxxx <<>> yahoo.com MX > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42579 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 7, ADDITIONAL: 7 > > ;; QUESTION SECTION: > ;yahoo.com. IN MX > > ;; ANSWER SECTION: > yahoo.com. 1691 IN MX 1 m.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 a.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 b.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 c.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 d.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 e.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 f.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 g.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 h.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 i.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 j.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 k.mx.mail.yahoo.com. > yahoo.com. 1691 IN MX 1 l.mx.mail.yahoo.com. > > [excess deleted] > > -Daniel > > > > > thx for your help. i can't check the DNS query on our relayhost smtp server. On our local Server the MX is current. My conclusion is that a) our external relayhost smtp has wrong MX entry or b) recipient mailserver is misconfigured. I will switch off now the relayhost since our ip isn't listet on any blacklist i checked so far.. Other question: I have a local postfix server with a dynamich IP which sometimes is blacklisted. Does it help in this case to use a relayhost which isn't blacklistet? Because the final-recipient's mailserver could see/check that the original mailserver is blacklistet.
- Georg
