Re: [opensuse] postfix and helo/ehlo
John Andersen wrote: On Wednesday 20 December 2006 21:55, Sandy Drobic wrote: The problem is, if that address was earlier assigned to a dynamic dialin pool, you will still be blocked by blacklists that list this address space as dynamic. You may know it is static now, but the blacklists often don't care, and the server administrators who use the blacklists care even less. Radius servers (dialup) usually have their own pool. Regular dhcp (as found on dsl or cable modems) is a different animal. My IP for instance is pseudo-static, I've had the same IP since dirt. I'm allowed up to 8 IPs on this cable modem, and I can but the Linux laptop up in it once a week and ALWAYS get the same IP. That is what I have on my home connection as well. The current ip for japantest.homelinux.com hasn't changed for many month. Still the ip is listed as dynamic in dynablock.njabl.org and dul.sorbs.net. The number of domains that do not accept mails directly from my domain is also steadily increasing. Another reason why I decided to change to a static ip. That's where the problem comes in. Not so much with dial up, because those customers never run mail servers or any other services anyway. True, I only do it for my own curiosity and comfort. I support 4 medium size companies with statics. Until 4 months ago when I started bitching really loudly about static reverses being indistinguishable from dynamic reverses one or two of these would would get listed in sorbs every month or two. And it was always listed under dynamic IP, never under any of the other spammer categories. (I do egress filtering, so even if they get a worm its not going anywhere). Yep, sorbs is evil. I definitely do not recommend that list. It just so happens that these clients are shuttling large engineering documents between branch offices and other companies, and can't wait while the ISPs mail server chokes on these large document, so they run their own mail servers. It took me (and a few other system maintainers around the state) 4 months of bitching to get their policy changed so that statics have the word "static" in the reverse. One of my cohorts reported that his static was listed in sorbs as a dynamic IP AGAIN after this happened. The truth is that sorbs does no checking at all. Its totally unreliable. Blocking on dynamic IP is collective punishment, universally condemned in every other area of society except fighting spam it would seem. Unfortunately it is also very effective to block mails from dynamic ip spaces. :-( Not counting those few like you and me who are operating real servers at home the overwhelming majority of mails sent from dynamic ips is indeed spam and viruses. I take great pains to insure that all mails within our network are routed through our gateway and I even scan our own sent mail for spam and viruses. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
Ken Gramm wrote: The problem is, if that address was earlier assigned to a dynamic dialin pool, you will still be blocked by blacklists that list this address space as dynamic. You may know it is static now, but the blacklists often don't care, and the server administrators who use the blacklists care even less. This is my experience of practical use, no personal theory required. I can verify that. I've owned my IP addresses for over 5 years. I even have rDNS delegated to me, but my IP addresses still show up as dynamic on some of the blacklists (i.e. sorbs.net). Sorbs is not a well-maintained list in my opinion, and I refuse to use it. There are many stories of admins tearing their hair out because their IPs pop up again and again as "dynamic" in the sorbs list. From what I saw it is sufficient to have a rdns like xx-xxx-xxx-xxx.client.isp.tld to get you listed as dynamic without regard to the policy of the provider. Their delisting policy also sucks. I feel for you, man... Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
On Wednesday 20 December 2006 21:55, Sandy Drobic wrote: > The problem is, if that address was earlier assigned to a dynamic dialin > pool, you will still be blocked by blacklists that list this address space > as dynamic. You may know it is static now, but the blacklists often don't > care, and the server administrators who use the blacklists care even less. Radius servers (dialup) usually have their own pool. Regular dhcp (as found on dsl or cable modems) is a different animal. My IP for instance is pseudo-static, I've had the same IP since dirt. I'm allowed up to 8 IPs on this cable modem, and I can but the Linux laptop up in it once a week and ALWAYS get the same IP. That's where the problem comes in. Not so much with dial up, because those customers never run mail servers or any other services anyway. I support 4 medium size companies with statics. Until 4 months ago when I started bitching really loudly about static reverses being indistinguishable from dynamic reverses one or two of these would would get listed in sorbs every month or two. And it was always listed under dynamic IP, never under any of the other spammer categories. (I do egress filtering, so even if they get a worm its not going anywhere). It just so happens that these clients are shuttling large engineering documents between branch offices and other companies, and can't wait while the ISPs mail server chokes on these large document, so they run their own mail servers. It took me (and a few other system maintainers around the state) 4 months of bitching to get their policy changed so that statics have the word "static" in the reverse. One of my cohorts reported that his static was listed in sorbs as a dynamic IP AGAIN after this happened. The truth is that sorbs does no checking at all. Its totally unreliable. Blocking on dynamic IP is collective punishment, universally condemned in every other area of society except fighting spam it would seem. The ISP still will not allow the subscriber to specify the reverse. But that's another topic. -- _ John Andersen pgpffZaglpMTo.pgp Description: PGP signature
Re: [opensuse] postfix and helo/ehlo
> The problem is, if that address was earlier assigned to a dynamic dialin > pool, you will still be blocked by blacklists that list this address space > as dynamic. You may know it is static now, but the blacklists often don't > care, and the server administrators who use the blacklists care even less. > This is my experience of practical use, no personal theory required. I can verify that. I've owned my IP addresses for over 5 years. I even have rDNS delegated to me, but my IP addresses still show up as dynamic on some of the blacklists (i.e. sorbs.net). K -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
John Andersen wrote: On Wednesday 20 December 2006 09:56, Sandy Drobic wrote: No, my provider does give static IPs if you ask for it, on adsl (or whatever). It is used by small businesses, and also people needing it to work from home because their company has set their firewall to admit connections from certain IPs only, and things like that. Well, I wouldn't call it a static ip if these ips are in the same address space as the dial up addresses. (^-^) Sorry, you don't get to make the definitions Sandy. A static is an ip that is specific to a mac address and will not be assigned to anyone else. Most ISPs simply make a reservation in the dhcpd.conf with a host record specifying a mac address and whatever IP that mac happens to have at the moment. Even those that do have a special block reserved for statics frequently make no distinction in the reverse. The term static does not reflect address space, only use. The problem is, if that address was earlier assigned to a dynamic dialin pool, you will still be blocked by blacklists that list this address space as dynamic. You may know it is static now, but the blacklists often don't care, and the server administrators who use the blacklists care even less. This is my experience of practical use, no personal theory required. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
On Wednesday 20 December 2006 09:56, Sandy Drobic wrote: > > No, my provider does give static IPs if you ask for it, on adsl (or > > whatever). It is used by small businesses, and also people needing it to > > work from home because their company has set their firewall to admit > > connections from certain IPs only, and things like that. > > Well, I wouldn't call it a static ip if these ips are in the same address > space as the dial up addresses. (^-^) Sorry, you don't get to make the definitions Sandy. A static is an ip that is specific to a mac address and will not be assigned to anyone else. Most ISPs simply make a reservation in the dhcpd.conf with a host record specifying a mac address and whatever IP that mac happens to have at the moment. Even those that do have a special block reserved for statics frequently make no distinction in the reverse. The term static does not reflect address space, only use. -- _ John Andersen pgpSNRWSQYWrN.pgp Description: PGP signature
Re: [opensuse] postfix and helo/ehlo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Wednesday 2006-12-20 at 19:56 +0100, Sandy Drobic wrote: > > No, my provider does give static IPs if you ask for it, on adsl (or > > whatever). It is used by small businesses, and also people needing it to > > work from home because their company has set their firewall to admit > > connections from certain IPs only, and things like that. > > Well, I wouldn't call it a static ip if these ips are in the same address > space as the dial up addresses. (^-^) I don't know if they are in the same address space. They have a very wide space, and for those some are administratively static and some dynamic. Mine is currently 83.32..., dynamic and, for example, 213.96... are static. Physically, they are handled by the same set of machines, so it is really an administrative decision which are dynamic or static (the radius configuration, I think). You know, how they do the divisioning is just their decision. They can have mixed ranges, or not, I don't really know. If a provider says such range is static, well, it should be. Whether the owner (user) of that IP is reliable or not... that's a very different thing. > > I know that making rDNS is almost impossible because I have a friend with a > > Fidonet node and small mail server, and he doesn't have reverse dns working. > > He once was a very small provider himself, with a partnership, and he > > commented that he couldn't get it. Other people in the Spanish list also > > commented they couldn't get it, and from several providers. Its quite common > > around here, and unbeliveable for people like you ;-) > > Here in Germany you can have your choice among a variety of providers, so it's > always possible to get a clean static ip if you are willing to pay for it. Not every country works in the same way ;-) For example... people here chose provider X because it offers 20 Mbit, and cheaper than the "main" provider. In fact, they are hiring the access in bulk from the main provider at bulk prices - so whether they really are using another ISP is questionable. Other ISPs do have their own network, fully theirs... but then, they don't reach everywhere. > > I know, I know. I meant the idea, not that particular IP range. Suppose mine > > had the word "static". Just assume that it would not be rejected, every > > thing else being correct. I'm just curious about getting a matching rDNS > > name that way. > > > > For my provider, static IPs are named as > > "Z.Red-W-X-Y-.staticIP.rima-tde.net.". > > Doesn't really matter that much, because I (and I assume a lot of other > mailadmins) use checks like > if (hostname contains (number and "-" or ".") at least three times) then > treat as probably dynamic and hit with your favorite choice of checks like: > reject_unknown_sender_domain > reject_rbl_client bl.spamcop.net > reject_rbl_client dynalist.njabl.org > greylisting > reject_unverified_sender ¡Even if they are static addresses and have remained with the same owner for years! Not very nice... Ok, suppose they don't do such things. I'm just interested in a theoretical question :-) Suppose I have the static IP "W.X.Y.Z" Suppose I have a domain name, like "mydomainname.es". The rDNS would say, for instance, "Z.W.X.Y.staticIP.someprovider.net". Now, could I define the "mydomainname.es" to point to ""Z.W.X.Y.staticIP.provider.net", instead of IP "W.X.Y.Z."? Ie: On contracted DNS (might be the ISP or not): mydomainname.es --> pointer to Z.W.X.Y.staticIP.someprovider.net By ISP: Z.W.X.Y.staticIP.someprovider.net --> W.X.Y.Z W.X.Y.Z --> Z.W.X.Y.staticIP.someprovider.net What I want to know, theoretically, is if that would work as far as having a matching reverse DNS - even if later there are other checks that deny access. I'm not going to use that setup (I don't have a domain name, for starters), but I'm curious. O:-) > > > Because I did indeed get some desired mails from that address space I > > > can't > > > block rima-tde.net hard. > > > > It has millions of users, both home and businesses, both dynamic and static > > ;-) > > As far as mailservers are concerned only the static server ips are important. > And if they don't have a matching reverse dns they obviously can't be that > important... (^-°) Well, they won't be a thousand employee business, obviously. For example, the DNS of my professional engineer association mail server doesn't match its rDNS. > > Certainly, certainly, but I'm not receiving mail directly, and I don't have > > users. > > If you don't receive mail directly then you could probably better own a > virtual server at a serious hosting company for about 10 Euro per month. Then > use that server as relay server and mx for your domain. your internal server > would only talk to the relay server. That would be the most cost effective way > to get a static ip with almost full control of the server (many virtual > servers are configured in such a way that the
Re: [opensuse] postfix and helo/ehlo
Carlos E. R. wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Wednesday 2006-12-20 at 13:43 +0100, Sandy Drobic wrote: Interesting... still, in my country it is very difficult or even impossible to get rDNS even from the address space owner. They simply do not offer that service, and the talk persons do not even know what it is (not really technicians). I simply can't imagine that a company with a/several static ip(s) and good bandwidth will not get a correct reverse dns if they insist on getting one. If that is the case and there is an alternative available the customer WILL change. I suppose so. A big customer can get almost anything. Yep, money makes almost anything possible. They definitely won't offer that service to small fry. I asked my current provider (of my private internet connection) if I could get a static ip for additional pay and they told me it is impossible. On the other hand they simply don't have business customers. So it's logical that they won't set up static ips and reverse dns. No, my provider does give static IPs if you ask for it, on adsl (or whatever). It is used by small businesses, and also people needing it to work from home because their company has set their firewall to admit connections from certain IPs only, and things like that. Well, I wouldn't call it a static ip if these ips are in the same address space as the dial up addresses. (^-^) I know that making rDNS is almost impossible because I have a friend with a Fidonet node and small mail server, and he doesn't have reverse dns working. He once was a very small provider himself, with a partnership, and he commented that he couldn't get it. Other people in the Spanish list also commented they couldn't get it, and from several providers. Its quite common around here, and unbeliveable for people like you ;-) Here in Germany you can have your choice among a variety of providers, so it's always possible to get a clean static ip if you are willing to pay for it. When asking for the r-name for my current IP (W.X.Y.Z), I get something like this: Z.Red-W-X-Y-.dynamicIP.rima-tde.net. My server would block you, because that IP is listed as dynamic. I know, I know. I meant the idea, not that particular IP range. Suppose mine had the word "static". Just assume that it would not be rejected, every thing else being correct. I'm just curious about getting a matching rDNS name that way. For my provider, static IPs are named as "Z.Red-W-X-Y-.staticIP.rima-tde.net.". Doesn't really matter that much, because I (and I assume a lot of other mailadmins) use checks like if (hostname contains (number and "-" or ".") at least three times) then treat as probably dynamic and hit with your favorite choice of checks like: reject_unknown_sender_domain reject_rbl_client bl.spamcop.net reject_rbl_client dynalist.njabl.org greylisting reject_unverified_sender Because I did indeed get some desired mails from that address space I can't block rima-tde.net hard. It has millions of users, both home and businesses, both dynamic and static ;-) As far as mailservers are concerned only the static server ips are important. And if they don't have a matching reverse dns they obviously can't be that important... (^-°) So, suppose I had a domain name, but instead of pointing it to my static address (if I had one), could I point it to the given reverse name instead? I don't know how that is called in DNS parlance, but I suppose you get the idea. The rDNS on the "real" name would work, as my real name would not be the one I choosed, but the one my ISP gave me... :-? This wouldn't change your IP, and many checks apply ip based blacklists. I know, it's a theoretical idea, assuming an static IP, and not blacklisted. In most cases it won't matter. I only had one case in about a year of productive use, where a mailserver refused to accept mail from my server because the helo name and the dns name did not match (at that time). I have a server on a dynamic ip, so I know very well that the situation might be manageable if you are using the server to learn and only for your own private purposes, that that will fail if more users are depending on the server and they can't react and set a route for a domain that does not take the mail directly. In the end the only solution is to use the relayhost of your provider with all the restrictions that apply to that solution. Certainly, certainly, but I'm not receiving mail directly, and I don't have users. If you don't receive mail directly then you could probably better own a virtual server at a serious hosting company for about 10 Euro per month. Then use that server as relay server and mx for your domain. your internal server would only talk to the relay server. That would be the most cost effective way to get a static ip with almost full control of the server (many virtual servers are configured in such a way that they can't use local
Re: [opensuse] postfix and helo/ehlo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Wednesday 2006-12-20 at 13:43 +0100, Sandy Drobic wrote: > > Interesting... still, in my country it is very difficult or even impossible > > to get rDNS even from the address space owner. They simply do not offer that > > service, and the talk persons do not even know what it is (not really > > technicians). > > I simply can't imagine that a company with a/several static ip(s) and good > bandwidth will not get a correct reverse dns if they insist on getting one. If > that is the case and there is an alternative available the customer WILL > change. I suppose so. A big customer can get almost anything. > They definitely won't offer that service to small fry. I asked my current > provider (of my private internet connection) if I could get a static ip for > additional pay and they told me it is impossible. On the other hand they > simply don't have business customers. So it's logical that they won't set up > static ips and reverse dns. No, my provider does give static IPs if you ask for it, on adsl (or whatever). It is used by small businesses, and also people needing it to work from home because their company has set their firewall to admit connections from certain IPs only, and things like that. I know that making rDNS is almost impossible because I have a friend with a Fidonet node and small mail server, and he doesn't have reverse dns working. He once was a very small provider himself, with a partnership, and he commented that he couldn't get it. Other people in the Spanish list also commented they couldn't get it, and from several providers. Its quite common around here, and unbeliveable for people like you ;-) > > > An idea. > > > > When asking for the r-name for my current IP (W.X.Y.Z), I get something like > > this: > > > > Z.Red-W-X-Y-.dynamicIP.rima-tde.net. > > > >(and sometimes "static" something, instead of dynamic, go figure - this > >is the main provider here, by the way). > > Bleah, I see these hostnames very often on my reject report. Let's see what > restrictions would make your server fail: ... > My server would block you, because that IP is listed as dynamic. I know, I know. I meant the idea, not that particular IP range. Suppose mine had the word "static". Just assume that it would not be rejected, every thing else being correct. I'm just curious about getting a matching rDNS name that way. For my provider, static IPs are named as "Z.Red-W-X-Y-.staticIP.rima-tde.net.". > Because I did indeed get some desired mails from that address space I can't > block rima-tde.net hard. It has millions of users, both home and businesses, both dynamic and static ;-) > > > So, suppose I had a domain name, but instead of pointing it to my static > > address (if I had one), could I point it to the given reverse name instead? > > I don't know how that is called in DNS parlance, but I suppose you get the > > idea. > > > > The rDNS on the "real" name would work, as my real name would not be the one > > I choosed, but the one my ISP gave me... > > > > :-? > > This wouldn't change your IP, and many checks apply ip based blacklists. I know, it's a theoretical idea, assuming an static IP, and not blacklisted. > I have a server on a dynamic ip, so I know very well that the situation might > be manageable if you are using the server to learn and only for your own > private purposes, that that will fail if more users are depending on the > server and they can't react and set a route for a domain that does not take > the mail directly. > > In the end the only solution is to use the relayhost of your provider with all > the restrictions that apply to that solution. Certainly, certainly, but I'm not receiving mail directly, and I don't have users. > I decided to invest in a static ip and change provider because more and more > servers do not accept mails directly, and the relayserver of my provider is > not as reliable as I wish my server to be. So, I will soon be able to enjoy > the benefits of a static ip. Might have to do that one day. One reason I send my mail directly, is that the relay host of my ISP only accepts my email if the FROM is theirs, and reject it otherwise. So, using their relay, I could not send using my sourceforge or ieee alias, for instance. I'm still investigating it, because I think postfix is not being able to authenticate properly to them. Otherwise, I modify the "transport" file as needed. - -- Cheers, Carlos E. R. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFiTmhtTMYHG2NR9URAp8bAJ0XNj7+vcHOm1H2t7CpLNe4UoycdgCfRDl9 KOfAjwJiZY5o7GnScP+vTVg= =wS/u -END PGP SIGNATURE- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
Carlos E. R. wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2006-12-19 at 23:03 +0100, Sandy Drobic wrote: Having a proper reverse DNs means that: - your provider is on good speaking terms with the provider of address space (or even that he is the address space provider) - your dns name is meant to last for some time. Interesting... still, in my country it is very difficult or even impossible to get rDNS even from the address space owner. They simply do not offer that service, and the talk persons do not even know what it is (not really technicians). I simply can't imagine that a company with a/several static ip(s) and good bandwidth will not get a correct reverse dns if they insist on getting one. If that is the case and there is an alternative available the customer WILL change. They definitely won't offer that service to small fry. I asked my current provider (of my private internet connection) if I could get a static ip for additional pay and they told me it is impossible. On the other hand they simply don't have business customers. So it's logical that they won't set up static ips and reverse dns. An idea. When asking for the r-name for my current IP (W.X.Y.Z), I get something like this: Z.Red-W-X-Y-.dynamicIP.rima-tde.net. (and sometimes "static" something, instead of dynamic, go figure - this is the main provider here, by the way). Bleah, I see these hostnames very often on my reject report. Let's see what restrictions would make your server fail: Your IP (example): Dec 20 12:27:12 spamkill postfix/smtpd[15448]: NOQUEUE: reject: RCPT from 181.Red-83-59-227.dynamicIP.rima-tde.net[83.59.227.181]: 554 5.7.1 Service unavailable; Client host [83.59.227.181] blocked using dynablock.njabl.org; Dynamic/Residential IP range listed by NJABL dynablock - http://njabl.org/dynablock.html; My server would block you, because that IP is listed as dynamic. Even if the ip would not be blocked, just your hostname alone (the reverse dns name, not the helo) would trigger additional check like checking in bl.spamcop.net, greylisting and sender address verify. Because I did indeed get some desired mails from that address space I can't block rima-tde.net hard. So, suppose I had a domain name, but instead of pointing it to my static address (if I had one), could I point it to the given reverse name instead? I don't know how that is called in DNS parlance, but I suppose you get the idea. The rDNS on the "real" name would work, as my real name would not be the one I choosed, but the one my ISP gave me... :-? This wouldn't change your IP, and many checks apply ip based blacklists. I have a server on a dynamic ip, so I know very well that the situation might be manageable if you are using the server to learn and only for your own private purposes, that that will fail if more users are depending on the server and they can't react and set a route for a domain that does not take the mail directly. In the end the only solution is to use the relayhost of your provider with all the restrictions that apply to that solution. I decided to invest in a static ip and change provider because more and more servers do not accept mails directly, and the relayserver of my provider is not as reliable as I wish my server to be. So, I will soon be able to enjoy the benefits of a static ip. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2006-12-19 at 23:03 +0100, Sandy Drobic wrote: > Having a proper reverse DNs means that: > - your provider is on good speaking terms with the provider of address space > (or even that he is the address space provider) > - your dns name is meant to last for some time. Interesting... still, in my country it is very difficult or even impossible to get rDNS even from the address space owner. They simply do not offer that service, and the talk persons do not even know what it is (not really technicians). An idea. When asking for the r-name for my current IP (W.X.Y.Z), I get something like this: Z.Red-W-X-Y-.dynamicIP.rima-tde.net. (and sometimes "static" something, instead of dynamic, go figure - this is the main provider here, by the way). So, suppose I had a domain name, but instead of pointing it to my static address (if I had one), could I point it to the given reverse name instead? I don't know how that is called in DNS parlance, but I suppose you get the idea. The rDNS on the "real" name would work, as my real name would not be the one I choosed, but the one my ISP gave me... :-? - -- Cheers, Carlos E. R. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFiSKrtTMYHG2NR9URAgF3AJ9tY1oDmoJiI/8dMNUuYkSNEt3BnACfaUhd rqNfCVXzmOj1PrIOcUjK8Hg= =tIm9 -END PGP SIGNATURE- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
John Andersen wrote: On Tuesday 19 December 2006 06:34, Sandy Drobic wrote: If you are working on a dynamic line you should consider to either upgrade to a static ip or at least to use a relayhost with a static ip. But bear in mind, that even statics does not guarantee you will have an option to specify the reverse. Many ISPs will simply NOT allow you to specify a reverse. Having a static IP will have two benefits: - dns resolution will always point to the right ip address - (hopefully) your ip is not marked as dynamic in a blacklist Having a proper reverse DNs means that: - your provider is on good speaking terms with the provider of address space (or even that he is the address space provider) - your dns name is meant to last for some time. it ist not neccessary for the client itself to have the option to define the reverse dns name. But if I am asking my provider to take care of setting the pointer to the right name, he should either do it or I will take my business to someone who CAN do it. Even if he is more expensive than the big ISP. Currently we are paying quite a bit of money for our line plus the transfer volume. But our provider is doing his very best to make us happy, so we pay his outrageous fees. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
On Tuesday 19 December 2006 06:34, Sandy Drobic wrote: > If you are working on a dynamic line you should consider to either upgrade > to a static ip or at least to use a relayhost with a static ip. But bear in mind, that even statics does not guarantee you will have an option to specify the reverse. Many ISPs will simply NOT allow you to specify a reverse. -- _ John Andersen pgplcHb9Q9Xvv.pgp Description: PGP signature
Re: [opensuse] postfix and helo/ehlo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2006-12-19 at 20:32 +0100, Sandy Drobic wrote: > > I have been told that is an almost impossible task at some places > > (countries). We can easily get a domain name, but we can not change the > > reverse name: it is defined by the provider to his liking (read: less work). > > Some providers here do not even have rDNS on! > > Such a provider is almost useless for someone who wishes to set up his own > mailserver. I have some chinese contacts that are inflicted with such a > provider. It doesn't change the fact that such a setup is seriously cramped > for a mailserver. > > If you want to set up your own mailserver, you first have to decide how > serious you are. Thanks to all the spam, phishing and viruses many mailserver > admins are applying harsh checks before they accept mails. The old days where > being an open relay meant you were part of the community sadly have gone the > way of the dinosaurs. (ranting a bit) If "authorities" really wanted to fight spam, they could ban it very effectively. The originator can be traced even on dynamic IPs. If they wanted, they could get at them and fine or imprison them as the courts decided. I must be dreaming... > So you need to set up the server with correct dns name for the ip and matching > reverse dns pointer. If you can't get that you will run into trouble. I know that. > > > If you are working on a dynamic line you should consider to either upgrade > > > to a static ip or at least to use a relayhost with a static ip. > > > > Do you know that many providers in my country reject relaying mail if the > > from address is not in their domain, even for clients in their network? > > Which country is that, spain? Right. > I have heard many stories about British Telecom > believing that no reverse dns settings are neccessary for clients. Well, if > you have the choice you just take your business to another ISP. Tiscali Spain, for instance, did not have rDNS for clients. They are out of business, they passed their network and clients to Wanadoo" (France Telecom). I don't know how they are handling it now. But it is typical here not been able to set up rDNS properly: we get an IP based name, even for static, business IPs. > If you don't have a choice, you make do with what you have. Currently, I do not need a "real" mail server. I only send, but I like to learn things and do them as best as possible. Ie, let's say that I "practice" or train myself. - -- Cheers, Carlos E. R. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFiFLYtTMYHG2NR9URAkuLAJoDuIlDYsiSRauVjAFsRQF5sp7XywCfWwjO ti1G+E4Fx/o0uURVQpn28yc= =ihOF -END PGP SIGNATURE- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
Carlos E. R. wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2006-12-19 at 16:34 +0100, Sandy Drobic wrote: The correct way to handle this would be to tell the admin of the ip address space to set the correct ptr record. If that is not possible and the line already has a static ip, look for an alternate provider. I have been told that is an almost impossible task at some places (countries). We can easily get a domain name, but we can not change the reverse name: it is defined by the provider to his liking (read: less work). Some providers here do not even have rDNS on! Such a provider is almost useless for someone who wishes to set up his own mailserver. I have some chinese contacts that are inflicted with such a provider. It doesn't change the fact that such a setup is seriously cramped for a mailserver. If you want to set up your own mailserver, you first have to decide how serious you are. Thanks to all the spam, phishing and viruses many mailserver admins are applying harsh checks before they accept mails. The old days where being an open relay meant you were part of the community sadly have gone the way of the dinosaurs. So you need to set up the server with correct dns name for the ip and matching reverse dns pointer. If you can't get that you will run into trouble. Only if the above is not possible you could set the smtp_helo_name to your current reverse dns name. How about setting myhostname? Mmm, it would affect receiving mail, I suppose... And having both names, the one provided by isp, and the contracted DNS name? I'm afraid I'm not too clear O:-) The default for $smtp_helo_name is already $myhostname. That's were some of the "localhost.localdomain" come from. So your instinct is right on target. (^-^) If you are working on a dynamic line you should consider to either upgrade to a static ip or at least to use a relayhost with a static ip. Do you know that many providers in my country reject relaying mail if the from address is not in their domain, even for clients in their network? Which country is that, spain? I have heard many stories about British Telecom believing that no reverse dns settings are neccessary for clients. Well, if you have the choice you just take your business to another ISP. If you don't have a choice, you make do with what you have. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Tuesday 2006-12-19 at 16:34 +0100, Sandy Drobic wrote: > The correct way to handle this would be to tell the admin of the ip address > space to set the correct ptr record. If that is not possible and the line > already has a static ip, look for an alternate provider. I have been told that is an almost impossible task at some places (countries). We can easily get a domain name, but we can not change the reverse name: it is defined by the provider to his liking (read: less work). Some providers here do not even have rDNS on! > Only if the above is not possible you could set the smtp_helo_name to your > current reverse dns name. How about setting myhostname? Mmm, it would affect receiving mail, I suppose... And having both names, the one provided by isp, and the contracted DNS name? I'm afraid I'm not too clear O:-) > If you are working on a dynamic line you should consider to either > upgrade to a static ip or at least to use a relayhost with a static ip. Do you know that many providers in my country reject relaying mail if the from address is not in their domain, even for clients in their network? - -- Cheers, Carlos E. R. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFiDR4tTMYHG2NR9URAuauAJ9AOZwmMxpd4C8keHUIo5RyorHxxACgiBXL fQNxzgk0kFlGDGg4y30OkBw= =5cDI -END PGP SIGNATURE- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
> Leen de Braal wrote: >> I am having troubles with mailservers on adsl lines connecting to sites, >> that check for dns resolving. >> Although a correct resolving is done on the name of the server (host >> mail.sendingserver.tld) the other way round (host 111.222.333.444) >> resolves to a name like ip.speed.dslprovider.tld. >> (names and IP's here are not real of course) >> >> How can I configure postfix to report a helo like >> ip.speed.dslprovider.tld, so that the receiving server accepts? >> >> I tried this by hand with a telnet to a troublesome server, and if i do >> it >> this way, mail is accepted. So that's why I think this may be the >> solution. >> But if there is a better way, pls let me know. > > The correct way to handle this would be to tell the admin of the ip > address space to set the correct ptr record. If that is not possible and > the line already has a static ip, look for an alternate provider. > > Only if the above is not possible you could set the smtp_helo_name to your > current reverse dns name. > > postconf -e "smtp_helo_name = ip.speed.dslprovider.tld" > postfix reload > > If you are working on a dynamic line you should consider to either upgrade > to a static ip or at least to use a relayhost with a static ip. > Ok, thanks, Sandy. For the moment I will solve the urgent problem with setting a helo_name then. Thanks > Sandy > -- > List replies only please! > Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- L. de Braal BraHa Systems NL - Terneuzen T +31 115 649333 F +31 115 649444 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse] postfix and helo/ehlo
Leen de Braal wrote: I am having troubles with mailservers on adsl lines connecting to sites, that check for dns resolving. Although a correct resolving is done on the name of the server (host mail.sendingserver.tld) the other way round (host 111.222.333.444) resolves to a name like ip.speed.dslprovider.tld. (names and IP's here are not real of course) How can I configure postfix to report a helo like ip.speed.dslprovider.tld, so that the receiving server accepts? I tried this by hand with a telnet to a troublesome server, and if i do it this way, mail is accepted. So that's why I think this may be the solution. But if there is a better way, pls let me know. The correct way to handle this would be to tell the admin of the ip address space to set the correct ptr record. If that is not possible and the line already has a static ip, look for an alternate provider. Only if the above is not possible you could set the smtp_helo_name to your current reverse dns name. postconf -e "smtp_helo_name = ip.speed.dslprovider.tld" postfix reload If you are working on a dynamic line you should consider to either upgrade to a static ip or at least to use a relayhost with a static ip. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[opensuse] postfix and helo/ehlo
I am having troubles with mailservers on adsl lines connecting to sites, that check for dns resolving. Although a correct resolving is done on the name of the server (host mail.sendingserver.tld) the other way round (host 111.222.333.444) resolves to a name like ip.speed.dslprovider.tld. (names and IP's here are not real of course) How can I configure postfix to report a helo like ip.speed.dslprovider.tld, so that the receiving server accepts? I tried this by hand with a telnet to a troublesome server, and if i do it this way, mail is accepted. So that's why I think this may be the solution. But if there is a better way, pls let me know. -- L. de Braal BraHa Systems NL - Terneuzen T +31 115 649333 F +31 115 649444 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
